The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Rails: infinite loop via Action View

Synthesis of the vulnerability

An attacker can trigger an infinite loop via Action View of Rails, in order to trigger a denial of service.
Impacted systems: Debian, Fedora, openSUSE Leap, SLES.
Severity of this alert: 2/4.
Creation date: 01/04/2019.
References of this alert: CVE-2019-5419, DLA-1739-1, FEDORA-2019-1cfe24db5c, ibm10881644, openSUSE-SU-2019:1344-1, openSUSE-SU-2019:1527-1, openSUSE-SU-2019:1824-1, openSUSE-SU-2020:1993-1, openSUSE-SU-2020:2000-1, SUSE-SU-2019:1381-1, SUSE-SU-2019:1973-1, SUSE-SU-2020:3036-1, SUSE-SU-2020:3147-1, SUSE-SU-2020:3160-1, VIGILANCE-VUL-28901.

Description of the vulnerability

An attacker can trigger an infinite loop via Action View of Rails, in order to trigger a denial of service.

This cybersecurity bulletin impacts software or systems such as Debian, Fedora, openSUSE Leap, SLES.

Our Vigil@nce team determined that the severity of this cybersecurity weakness is medium.

The trust level is "confirmed by the editor", with the information originating from a vendor document.

An attacker with an expert ability can exploit this computer vulnerability bulletin.

Solutions for this threat

Debian 8: new rails packages.
New packages are available:
  Debian 8: rails 2:4.1.8-1+deb8u5

Fedora 30: new rubygem packages.
New packages are available, as indicated in information sources.

IBM BigFix Compliance: version 1.10.1.
The version 1.10.1 is fixed.

openSUSE Leap 15.0: new rmt-server packages.
New packages are available:
  openSUSE Leap 15.0: rmt-server 2.1.4-lp150.2.16.1

openSUSE Leap 15.0: new ruby2.5-rubygem-actionpack-5_1 packages.
New packages are available:
  openSUSE Leap 15.0: ruby2.5-rubygem-actionpack-5_1 5.1.4-lp150.2.3.1

openSUSE Leap 15.1: new rmt-server packages (02/08/2019).
New packages are available:
  openSUSE Leap 15.1: rmt-server 2.3.1-lp151.2.3.1

openSUSE Leap 15.1: new rmt-server packages (24/11/2020).
New packages are available:
  openSUSE Leap 15.1: rmt-server 2.6.5-lp151.2.18.2

openSUSE Leap 15.2: new rmt-server packages.
New packages are available:
  openSUSE Leap 15.2: rmt-server 2.6.5-lp152.2.3.1

Redmine: version 3.4.10.
The version 3.4.10 is fixed:
  http://www.redmine.org/projects/redmine/wiki/Download

Redmine: version 4.0.3.
The version 4.0.3 is fixed:
  http://www.redmine.org/projects/redmine/wiki/Download

SUSE LE 15: new rmt-server packages.
New packages are available:
  SUSE LE 15 RTM: rmt-server 2.1.4-3.17.1

SUSE LE 15 RTM: new rmt-server packages.
New packages are available:
  SUSE LE 15 RTM: rmt-server 2.6.5-3.34.1

SUSE LE 15 SP1: new rmt-server packages (05/11/2020).
New packages are available:
  SUSE LE 15 SP1: rmt-server 2.6.5-3.18.1

SUSE LE 15 SP1: new rmt-server packages (26/07/2019).
New packages are available:
  SUSE LE 15 SP1: rmt-server 2.3.1-3.3.3

SUSE LE 15 SP2: new rmt-server packages.
New packages are available:
  SUSE LE 15 SP2: rmt-server 2.6.5-3.3.1
