FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)

Medium Nessus Plugin ID 65937


The remote FreeBSD host is missing one or more security-related updates.


Ruby on Rails team reports :

Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible.

Four vulnerabilities have been discovered and fixed :

- (CVE-2013-1854) Symbol DoS vulnerability in Active Record

- (CVE-2013-1855) XSS vulnerability in sanitize_css in Action Pack

- (CVE-2013-1856) XML Parsing Vulnerability affecting JRuby users

- (CVE-2013-1857) XSS Vulnerability in the `sanitize` helper of Ruby on Rails


Update the affected packages.

See Also!topic/ruby-security-ann/o0Dsdk2WrQ0

Plugin Details

Severity: Medium

ID: 65937

File Name: freebsd_pkg_db0c4b00a24c11e29601000d601460a4.nasl

Version: $Revision: 1.2 $

Type: local

Published: 2013/04/12

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rubygem-actionpack, p-cpe:/a:freebsd:freebsd:rubygem-activerecord, p-cpe:/a:freebsd:freebsd:rubygem-activesupport, p-cpe:/a:freebsd:freebsd:rubygem-rails, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/04/10

Vulnerability Publication Date: 2013/03/18

Reference Information

CVE: CVE-2013-1854, CVE-2013-1856, CVE-2013-1857