OVAL Reference oval:org.opensuse.security:def:201916782

Oval Definition:

oval:org.opensuse.security:def:201916782

Revision Date:	2022-06-30	Version:	1
Title:	CVE-2019-16782
Description:	There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2019-16782 SUSE-SU-2020:0359-1 SUSE-SU-2020:2678-1 openSUSE-SU-2020:0214-1 Mitre CVE-2019-16782 SUSE CVE-2019-16782 SUSE-SU-2020:0359-1 SUSE-SU-2020:2678-1 SUSE-SU-2021:1162-1 openSUSE-SU-2020:0214-1
Platform(s):	openSUSE Leap 15.1 openSUSE Tumbleweed SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information ruby2.5-rubygem-rack-2.0.8-lp151.3.3 is installed AND ruby2.5-rubygem-rack is signed with openSUSE key OR ruby2.5-rubygem-rack-doc-2.0.8-lp151.3.3 is installed AND ruby2.5-rubygem-rack-doc is signed with openSUSE key OR ruby2.5-rubygem-rack-testsuite-2.0.8-lp151.3.3 is installed AND ruby2.5-rubygem-rack-testsuite is signed with openSUSE key OR rubygem-rack-2.0.8-lp151.3.3 is installed AND rubygem-rack is signed with openSUSE key
Definition Synopsis
Release Information SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND ruby2.5-rubygem-rack-doc-2.0.8-3.3 is installed OR ruby2.5-rubygem-rack-testsuite-2.0.8-3.3 is installed OR rubygem-rack-2.0.8-3.3 is installed OR Package Information SUSE Linux Enterprise High Availability 15 is installed OR SUSE Linux Enterprise High Availability 15 SP1 is installed AND ruby2.5-rubygem-rack-2.0.8-3.3 is installed OR rubygem-rack-2.0.8-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information ruby2.5-rubygem-rack-doc-2.0.8-3.3 is installed OR ruby2.5-rubygem-rack-testsuite-2.0.8-3.3 is installed OR rubygem-rack-2.0.8-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information ruby2.1-rubygem-actionpack-4_2-4.2.9-7.9.1 is installed OR ruby2.1-rubygem-rack-1.6.13-3.8.1 is installed OR rubygem-activerecord-session_store is affected
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ruby2.1-rubygem-actionpack-4_2-4.2.9-7.9.1 is installed OR ruby2.1-rubygem-rack-1.6.13-3.8.1 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information ruby2.1-rubygem-actionpack-4_2-4.2.9-7.9.1 is installed OR ruby2.1-rubygem-rack-1.6.13-3.8.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND ruby2.5-rubygem-rack-doc-2.0.8-3.3 is installed OR ruby2.5-rubygem-rack-testsuite-2.0.8-3.3 is installed OR rubygem-rack-2.0.8-3.3 is installed OR Package Information SUSE Linux Enterprise High Availability 15 SP1 is installed AND ruby2.5-rubygem-rack-2.0.8-3.3 is installed OR rubygem-rack-2.0.8-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 15 SP1 is installed AND ruby2.5-rubygem-rack-2.0.8-3.3.1 is installed
Definition Synopsis
openSUSE Tumbleweed is installed AND Package Information ruby2.7-rubygem-actioncable-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-actionmailer-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-actionpack-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 is installed OR ruby2.7-rubygem-actionview-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-activejob-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-activemodel-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-activerecord-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-activestorage-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-activesupport-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-rack-2.2.3-1.7 is installed OR ruby2.7-rubygem-rack-2.0-2.0.9-1.10 is installed OR ruby2.7-rubygem-rails-5.2-5.2.6-1.2 is installed OR ruby2.7-rubygem-railties-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-actioncable-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-actionmailer-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-actionpack-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-actionpack-6.0-6.0.4-1.2 is installed OR ruby3.0-rubygem-actionview-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-activejob-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-activemodel-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-activerecord-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-activestorage-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-activesupport-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-rack-2.2.3-1.7 is installed OR ruby3.0-rubygem-rack-2.0-2.0.9-1.10 is installed OR ruby3.0-rubygem-rails-5.2-5.2.6-1.2 is installed OR ruby3.0-rubygem-railties-5.2-5.2.6-1.2 is installed OR ruby3.1-rubygem-actionpack-6.0-6.0.4.4-1.1 is installed OR ruby3.1-rubygem-rack-2.2.3.1-1.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise High Performance Computing 12 is installed OR SUSE Linux Enterprise Module for Containers 12 is installed OR SUSE Linux Enterprise Server 12 is installed OR SUSE Linux Enterprise Server 12 SP3 is installed OR SUSE Linux Enterprise Server 12 SP4 is installed OR SUSE Linux Enterprise Server 12 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND rubygem-rack-1_4 is affected
Definition Synopsis
Release Information SUSE Linux Enterprise High Availability 15 is installed OR SUSE Linux Enterprise High Availability 15 SP1 is installed AND ruby2.5-rubygem-rack-2.0.8-3.3.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise High Availability 15 SP1 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP1 is installed OR SUSE Linux Enterprise Server 15 SP1 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed OR SUSE Manager Proxy 4.0 is installed OR SUSE Manager Retail Branch Server 4.0 is installed OR SUSE Manager Server 4.0 is installed AND ruby2.5-rubygem-rack-2.0.8-3.3.1 is installed

BACK