Critical Ruby on Rails flaws fixed, upgrade immediately

For the second week in a row since the start of the new year, users of open source web application framework Ruby on Rails are advised to upgrade to the newly offered versions immediately due to serious vulnerabilities present in previous ones. Last week it was an SQL injection vulnerability , an exploit for which has been publicly disclosed and posed a considerable threat. This time around the new versions contain two extremely critical security fixes for "multiple vulnerabilities in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application" (CVE-2013-0156 ) and for a denial-of-service vulnerability triggered when Active Record is used in conjunction with JSON parameter parsing (CVE-2013-0155 ). Ben Murphy, one of the framewor...

Full article: http://www.net-security.org/secworld.php?id=14208

Tweets

@gslin » 09 Jan '13, 4pm
Critical Ruby on Rails flaws fixed, upgrade immediately [link] via @zite
@thecommongeek » 09 Jan '13, 3pm
Critical Ruby on Rails flaws fixed, upgrade immediately [link] #rubyonrails
@ConsumersFightB » 09 Jan '13, 3pm
Critical Ruby on Rails flaws fixed, upgrade immediately - For the second week in a row since the start of the new y... [link]
@bfbcping » 09 Jan '13, 2pm
Ruby on Rails people... PANIC! OMG! OMG! OMG! We're all gonna die! [link]
@CcureIT » 09 Jan '13, 2pm
Critical Ruby on Rails flaws fixed, upgrade immediately [link] #ccureit
@CyberExaminer » 09 Jan '13, 2pm
#cybersecurity Critical Ruby on Rails flaws fixed, upgrade immediately [link] #infosec
@j3lte » 09 Jan '13, 2pm
RT @InfosecNewsBot: Critical Ruby on Rails flaws fixed, upgrade immediately: For the second week in a row since the start o... [link] #infosec
@cedwardsmedia » 09 Jan '13, 2pm
RT @YerWhiteHatNews: Critical Ruby on Rails flaws fixed, upgrade immediately: For the second week in a row since the start of the new... [link]
@Xc0resecurity » 09 Jan '13, 2pm
#xc0resecurity Critical Ruby on Rails flaws fixed, upgrade immediately: For the second week in ... [link] #infosec #netsec
@thinksnews » 09 Jan '13, 2pm
Critical Ruby on Rails flaws fixed, upgrade immediately: For the second week in a row since t... [link] #infosec #security
@Ndest_Sky » 09 Jan '13, 2pm
Critical Ruby on Rails flaws fixed, upgrade immediately: For the second week in a row since the sta... [link] #NetSecurity
@pcguys » 09 Jan '13, 2pm
Security alert Critical Ruby on Rails flaws fixed, upgrade immediately: For the second week... [link] [link]
@IT_securitynews » 09 Jan '13, 2pm
Critical Ruby on Rails flaws fixed, upgrade immediately: For the second week in a row since the start of the new... [link]
@InfosecNewsBot » 09 Jan '13, 2pm
Critical Ruby on Rails flaws fixed, upgrade immediately: For the second week in a row since the start o... [link] #infosec
@ZIONSECURITY » 09 Jan '13, 2pm
RT @helpnetsecurity: Critical Ruby on Rails flaws fixed, upgrade immediately - [link] - @rails
@helpnetsecurity » 09 Jan '13, 2pm
Critical Ruby on Rails flaws fixed, upgrade immediately - [link] - @rails
@Endpoint_Secure » 09 Jan '13, 2pm
Critical Ruby on Rails flaws fixed, upgrade immediately [link]
@IT_securitynews » 09 Jan '13, 2pm
Critical Ruby on Rails flaws fixed, upgrade immediately: For the second week in a row since the start of the new... [link]
@Endpoint_Secure » 09 Jan '13, 2pm
Critical Ruby on Rails flaws fixed, upgrade immediately [link]
@danilocalcavara » 09 Jan '13, 2pm
RT @helpnetsecurity: Critical Ruby on Rails flaws fixed, upgrade immediately - [link] - @rails