Oval Definition:	oval:org.opensuse.security:def:20154020
Revision Date: 2022-09-02 Version: 1 Title: CVE-2015-4020 Description: RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2015-4020 SUSE CVE-2015-4020 Platform(s): SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise Desktop 11 SP3 is installed OR SUSE Linux Enterprise Desktop 11 SP4 is installed OR SUSE Linux Enterprise Server 11 SP3 is installed OR SUSE Linux Enterprise Server 11 SP4 is installed OR SUSE Linux Enterprise Software Development Kit 11 SP3 is installed OR SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND ruby is not affected Definition Synopsis SUSE Linux Enterprise Server 11 SP3 is installed AND ruby is not affected Definition Synopsis Release Information SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND ruby is affected OR ruby2.1 is affected OR Package Information SUSE Linux Enterprise Server 12 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND ruby is affected OR libruby2_1-2_1 is affected OR ruby2.1 is affected OR ruby2.1-stdlib is affected Definition Synopsis Release Information SUSE OpenStack Cloud 8 is installed OR SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ruby is affected OR libruby2_1-2_1 is affected OR ruby2.1 is affected OR ruby2.1-stdlib is affected Definition Synopsis Release Information SUSE OpenStack Cloud 9 is installed OR SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information ruby is affected OR libruby2_1-2_1 is affected OR ruby2.1 is affected OR ruby2.1-stdlib is affected Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 12 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND ruby is affected OR ruby2.1 is affected OR Package Information SUSE Linux Enterprise Server 12 SP5 is installed AND ruby is affected OR libruby2_1-2_1 is affected OR ruby2.1 is affected OR ruby2.1-stdlib is affected Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND Package Information ruby is affected OR libruby2_1-2_1 is affected OR ruby2.1 is affected OR ruby2.1-stdlib is affected
BACK