Security Information / 2016 / Security Information -- DSA-3464-1 rails

Debian Security Advisory

DSA-3464-1 rails -- security update

Date Reported:

31 Jan 2016

Affected Packages:

rails

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-3226, CVE-2015-3227, CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753.

More information:

Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation.

For the stable distribution (jessie), these problems have been fixed in version 2:4.1.8-1+deb8u1.

For the unstable distribution (sid), these problems have been fixed in version 2:4.2.5.1-1.

We recommend that you upgrade your rails packages.