SB2016021014 - Fedora 22 update for rubygem-actionpack, rubygem-activemodel
Published: February 10, 2016 Updated: April 24, 2025
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Denial of service (CVE-ID: CVE-2015-7581)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.
2) Timing attack (CVE-ID: CVE-2015-7576)
The vulnerability allows a remote attacker to bypass authentication.
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.
3) Denial of service (CVE-ID: CVE-2016-0751)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
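The timing weakness in item 2 above comes from comparing a submitted credential against the expected one with an ordinary string equality, which returns as soon as the first differing byte is found. Rails' fix switched http_basic_authenticate_with to a constant-time helper (ActiveSupport::SecurityUtils.secure_compare). The block below is an added example, not code from this bulletin or from Rails: it reimplements that idea in plain Ruby, placing the vulnerable pattern beside the hardened one. The method names, the EXPECTED_USER and EXPECTED_PASSWORD constants and the sample credentials are constructed for the example.

```ruby
# Added example (not from the bulletin or from Rails): the class of defect
# behind CVE-2015-7576 and the constant-time comparison that fixes it.
require "digest"

# Vulnerable pattern: String#== stops at the first mismatching byte, so the
# time taken reveals how many leading bytes of the guess were correct.
def insecure_compare(expected, actual)
  expected == actual
end

# Constant-time comparison of two strings of equal length: every byte pair is
# XORed and OR-accumulated, so the work done does not depend on where (or
# whether) the inputs differ.
def fixed_length_secure_compare(a, b)
  raise ArgumentError, "inputs must have equal length" unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Length-independent variant: hash both inputs to fixed-size digests first so
# the comparison also does not leak the secret's length, then confirm the
# actual values match (rules out a digest collision).
def secure_compare(expected, actual)
  fixed_length_secure_compare(
    Digest::SHA256.digest(expected),
    Digest::SHA256.digest(actual)
  ) && expected == actual
end

# Hardened check in the shape an HTTP Basic authentication filter would use.
EXPECTED_USER = "admin".freeze      # constructed sample value
EXPECTED_PASSWORD = "s3cret".freeze # constructed sample value

def credentials_valid?(user, password)
  # Non-short-circuiting & so a wrong username still costs the same time as a
  # right one: both comparisons always run.
  secure_compare(EXPECTED_USER, user) & secure_compare(EXPECTED_PASSWORD, password)
end

if __FILE__ == $PROGRAM_NAME
  puts credentials_valid?("admin", "s3cret") # true
  puts credentials_valid?("admin", "wrong")  # false
end
```

In a real application the expected values would come from configuration or a credential store rather than constants; the point of the example is that the comparison itself, not the storage, is what the fix changed.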
4) Path traversal (CVE-ID: CVE-2016-0752)
The vulnerability allows a remote attacker to read arbitrary files on the system.
The vulnerability exists due to improper input validation in Action View. A remote attacker can send a specially crafted request containing directory traversal sequences (e.g. "../") and view the contents of arbitrary files on the vulnerable system.
5) Security restrictions bypass (CVE-ID: CVE-2016-0753)
The vulnerability allows a remote attacker to bypass certain security restrictions.
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Remediation
Install the update from the vendor's website.