The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
Synthesis of the vulnerability 
An attacker can trigger an infinite loop via Action View of Rails, in order to trigger a denial of service.
Impacted systems: Debian, Fedora, openSUSE Leap, SLES.
Severity of this alert: 2/4.
Creation date: 01/04/2019.
References of this alert: CVE-2019-5419, DLA-1739-1, FEDORA-2019-1cfe24db5c, ibm10881644, openSUSE-SU-2019:1344-1, openSUSE-SU-2019:1527-1, openSUSE-SU-2019:1824-1, openSUSE-SU-2020:1993-1, openSUSE-SU-2020:2000-1, SUSE-SU-2019:1381-1, SUSE-SU-2019:1973-1, SUSE-SU-2020:3036-1, SUSE-SU-2020:3147-1, SUSE-SU-2020:3160-1, VIGILANCE-VUL-28901.
Description of the vulnerability 
An attacker can trigger an infinite loop via Action View of Rails, in order to trigger a denial of service.
This cybersecurity bulletin impacts software or systems such as Debian, Fedora, openSUSE Leap, SLES.
Our Vigil@nce team determined that the severity of this cybersecurity weakness is medium.
The trust level is "confirmed by the editor", with an origin of "document".
An attacker with expert ability can exploit this vulnerability.
Solutions for this threat 
Debian 8: new rails packages.
New packages are available:
Debian 8: rails 2:4.1.8-1+deb8u5
Fedora 30: new rubygem packages.
New packages are available, as indicated in information sources.
IBM BigFix Compliance: version 1.10.1.
The version 1.10.1 is fixed.
openSUSE Leap 15.0: new rmt-server packages.
New packages are available:
openSUSE Leap 15.0: rmt-server 2.1.4-lp150.2.16.1
openSUSE Leap 15.0: new ruby2.5-rubygem-actionpack-5_1 packages.
New packages are available:
openSUSE Leap 15.0: ruby2.5-rubygem-actionpack-5_1 5.1.4-lp150.2.3.1
openSUSE Leap 15.1: new rmt-server packages (02/08/2019).
New packages are available:
openSUSE Leap 15.1: rmt-server 2.3.1-lp151.2.3.1
openSUSE Leap 15.1: new rmt-server packages (24/11/2020).
New packages are available:
openSUSE Leap 15.1: rmt-server 2.6.5-lp151.2.18.2
openSUSE Leap 15.2: new rmt-server packages.
New packages are available:
openSUSE Leap 15.2: rmt-server 2.6.5-lp152.2.3.1
Redmine: version 3.4.10.
The version 3.4.10 is fixed:
http://www.redmine.org/projects/redmine/wiki/Download
Redmine: version 4.0.3.
The version 4.0.3 is fixed:
http://www.redmine.org/projects/redmine/wiki/Download
SUSE LE 15: new rmt-server packages.
New packages are available:
SUSE LE 15 RTM: rmt-server 2.1.4-3.17.1
SUSE LE 15 RTM: new rmt-server packages.
New packages are available:
SUSE LE 15 RTM: rmt-server 2.6.5-3.34.1
SUSE LE 15 SP1: new rmt-server packages (05/11/2020).
New packages are available:
SUSE LE 15 SP1: rmt-server 2.6.5-3.18.1
SUSE LE 15 SP1: new rmt-server packages (26/07/2019).
New packages are available:
SUSE LE 15 SP1: rmt-server 2.3.1-3.3.3
SUSE LE 15 SP2: new rmt-server packages.
New packages are available:
SUSE LE 15 SP2: rmt-server 2.6.5-3.3.1