10 Aug 2012
Manipulation of data
This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access.
The most frequent type of vulnerabilities with this impact are SQL-injection vulnerabilities, where a malicious user or person can manipulate SQL queries.
SUSE has issued an update for rubygem-actionpack/activerecord. This fixes two vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks.
Apply updated packages via the zypper package manager.