==================================================================== CERT-Renater Note d'Information No. 2016/VULN095 _____________________________________________________________________ DATE : 04/03/2016 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Rails versions prior to 4.2.5.2, 4.1.14.2, 3.2.22.2. ====================================================================== http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/ _____________________________________________________________________ Rails 4.2.5.2, 4.1.14.2 and 3.2.22.2 have been released! Posted by rafaelfranca, February 29, 2016 @ 6:50 pm in Releases Hello everyone and happy Monday! Rails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible: CVE-2016-2097 Possible Information Leak Vulnerability in Action View CVE-2016-2098 Possible remote code execution vulnerability in Action Pack These releases also contains bug fixes for the previous security releases. The released versions can be found in the usual locations, and you can find a list of changes on GitHub: Changes in 4.2.5.2 Changes in 4.1.14.2 Changes in 3.2.22.2 We’ve done our best to minimize any impact to your applications, but if you run in to any issues, please file a ticket and we’ll do our best to help! Again, as always, if you run in to any bugs, please file them on the Rails issue tracker which is located here. If you run in to security issues, please follow the reporting process which can be found here. Here are checksums for the released gems: $ shasum *4.2.5.2.gem* 6d63003ef278381e2155daff9d88c0e3f9b4772f actionmailer-4.2.5.2.gem d4c345a50c1ca34877c262515c803f7e3c2b1db0 actionpack-4.2.5.2.gem e6046e359ef996d08ceebf5b827286737666c848 actionview-4.2.5.2.gem 6b2e3059fd620c84f039a9882bf4ef9199fab3c0 activejob-4.2.5.2.gem 84af62e888830fd6616cc984bc06da3f87ef12b5 activemodel-4.2.5.2.gem 9e22d1ac610a7f63a6cc55af98701cedecf760b2 activerecord-4.2.5.2.gem c8781d9fff8e410987ac5d2a5483fdca2b0b6c15 activesupport-4.2.5.2.gem 0a0c4b44a6a40680deffd7abe6fe1ad4c4adcd77 rails-4.2.5.2.gem 5614cd03b5912f9cf48fa41c81fff9145f472507 railties-4.2.5.2.gem $ shasum *4.1.14.2.gem* d15f2f70b1539d44a2dab6864f550238ef0ae3d1 actionmailer-4.1.14.2.gem 04bb0456048863f6391f0f5996a2b01c8a9c1e8b actionpack-4.1.14.2.gem 57a54f23c418b39979a2745bb3db2de67a6d02c9 actionview-4.1.14.2.gem 54e553172130d32962e1ff6fe8e19fd71b552994 activemodel-4.1.14.2.gem 45ee0e48ad0eb17ef36bd8816439f256cbe0b51c activerecord-4.1.14.2.gem 957a341b6ee5970d4b6e36b108de05ead0ea9762 activesupport-4.1.14.2.gem 4d8842abe184b0113032d6643b9d4639bb6e276b rails-4.1.14.2.gem c4b3a0e130117b70524d3f52a292518a8a237480 railties-4.1.14.2.gem $ shasum *3.2.22.2.gem* d5fa20cbddd37cbfd4a665b3d37ad2d5f47f1394 actionmailer-3.2.22.2.gem 127a227365cdc1195fb309ab037f25ab276dbc87 actionpack-3.2.22.2.gem c754858b10ef01b071eafca831be2dba2ebbcc71 activemodel-3.2.22.2.gem 417f1b087f7166083b78c5cebfb911cffe551c13 activerecord-3.2.22.2.gem 859861ec97dcb15dbaef38555995b2c1490928c9 activeresource-3.2.22.2.gem 7383b11b265cdd642c55aee5e15f0f87a5a77505 activesupport-3.2.22.2.gem e2b06adbd0df0ccd09b7e5d48024dc076ef38884 rails-3.2.22.2.gem f358f2b37f5f439ef9971d2aba1d96258e9c25f9 railties-3.2.22.2.gem ========================================================== Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================