RHSA-2016:0296High
Red Hat Security Advisory: rh-ror41 security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2015-7576 — rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller CVE-2015-7577 — rubygem-activerecord: Nested attributes rejection proc bypass in Active Record CVE-2015-7581 — rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack CVE-2016-0751 — rubygem-actionpack: possible object leak and denial of service attack in Action Pack CVE-2016-0752 — rubygem-actionpack: directory traversal flaw in Action View CVE-2016-0753 — rubygem-activerecord: possible input validation circumvention in Active Model
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2016:0296
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1301933
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1301946
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1301957
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1301963
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1301973
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1301981
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0296.json