Oval Definition:oval:org.opensuse.security:def:5028
Revision Date:2020-12-02
Version:1
Title:Security update for rubygem-sprockets (Moderate)
Description:

This update for rubygem-sprockets fixes the following issues:

The following security vulnerability was addressed:

- CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files (bsc#1098369)
Family:unix
Class:patch
Status:
Reference(s):1051510
1055117
1071995
1083647
1083710
1098369
1102247
1119222
1123080
1127034
1127315
1129770
1130972
1133021
1134097
1134390
1134399
1135335
1135642
1137458
1137534
1137535
1137584
1137609
1137827
1139358
1140133
1140322
1140652
1140903
1140945
1141401
1141402
1141452
1141453
1141454
1141478
1142023
1142112
1142220
1142221
1142254
1142350
1142351
1142354
1142359
1142450
1142701
1142868
1143003
1143045
1143105
1143185
1143189
1143191
1143507
1169679
1169748
1171441
1171443
1171444
1171445
1171446
1171447
1171474
1172402
1173247
1173605
1174200
1175686
1178894
CVE-2006-0855
CVE-2007-1669
CVE-2010-2800
CVE-2010-2801
CVE-2010-3170
CVE-2010-4352
CVE-2011-3389
CVE-2011-3640
CVE-2011-4944
CVE-2012-0247
CVE-2012-0248
CVE-2012-0845
CVE-2012-1150
CVE-2012-1185
CVE-2012-1186
CVE-2012-2369
CVE-2012-3524
CVE-2013-0743
CVE-2013-0791
CVE-2013-1620
CVE-2013-1739
CVE-2013-1740
CVE-2013-1752
CVE-2013-2168
CVE-2013-4238
CVE-2013-5605
CVE-2014-1492
CVE-2014-1568
CVE-2014-2667
CVE-2014-3477
CVE-2014-3532
CVE-2014-3533
CVE-2014-3635
CVE-2014-3636
CVE-2014-3637
CVE-2014-3638
CVE-2014-3639
CVE-2014-4650
CVE-2014-5044
CVE-2014-7824
CVE-2014-8148
CVE-2015-0245
CVE-2015-5276
CVE-2018-20855
CVE-2018-3760
CVE-2019-1125
CVE-2019-11810
CVE-2019-13631
CVE-2019-13648
CVE-2019-14283
CVE-2019-14284
CVE-2020-11017
CVE-2020-11018
CVE-2020-11019
CVE-2020-11038
CVE-2020-11039
CVE-2020-11040
CVE-2020-11041
CVE-2020-11043
CVE-2020-11085
CVE-2020-11086
CVE-2020-11087
CVE-2020-11088
CVE-2020-11089
CVE-2020-11095
CVE-2020-11096
CVE-2020-11097
CVE-2020-11098
CVE-2020-11099
CVE-2020-11521
CVE-2020-11522
CVE-2020-11523
CVE-2020-11524
CVE-2020-11525
CVE-2020-11526
CVE-2020-12398
CVE-2020-12405
CVE-2020-12406
CVE-2020-12410
CVE-2020-13396
CVE-2020-13397
CVE-2020-13398
CVE-2020-15663
CVE-2020-15664
CVE-2020-15669
CVE-2020-15999
CVE-2020-16012
CVE-2020-26951
CVE-2020-26953
CVE-2020-26956
CVE-2020-26958
CVE-2020-26959
CVE-2020-26960
CVE-2020-26961
CVE-2020-26965
CVE-2020-26966
CVE-2020-26968
CVE-2020-4030
CVE-2020-4031
CVE-2020-4032
CVE-2020-4033
SUSE-SU-2018:1994-1
SUSE-SU-2020:1591-2
SUSE-SU-2020:2068-1
SUSE-SU-2020:2552-1
SUSE-SU-2020:3528-1
Platform(s):SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise High Availability 12
SUSE Linux Enterprise High Availability 12 SP1
SUSE Linux Enterprise High Availability 12 SP2
SUSE Linux Enterprise High Availability 12 SP3
SUSE Linux Enterprise High Availability 12 SP4
SUSE Linux Enterprise High Availability 12 SP5
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Module for Containers 12
SUSE Linux Enterprise Module for Legacy Software 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Point of Sale 12 SP2
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for VMWare 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE OpenStack Cloud 5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • gpg2-2.0.9-25.33.37.1 is installed
  • OR gpg2-lang-2.0.9-25.33.37.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • libgcrypt-1.5.0-0.19.1 is installed
  • OR libgcrypt11-1.5.0-0.19.1 is installed
  • OR libgcrypt11-32bit-1.5.0-0.19.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-5 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-5 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-5 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-5 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • cpp48-4.8.5-24 is installed
  • OR gcc48-4.8.5-24 is installed
  • OR gcc48-32bit-4.8.5-24 is installed
  • OR gcc48-c++-4.8.5-24 is installed
  • OR gcc48-gij-4.8.5-24 is installed
  • OR gcc48-gij-32bit-4.8.5-24 is installed
  • OR gcc48-info-4.8.5-24 is installed
  • OR libasan0-4.8.5-24 is installed
  • OR libasan0-32bit-4.8.5-24 is installed
  • OR libgcj48-4.8.5-24 is installed
  • OR libgcj48-32bit-4.8.5-24 is installed
  • OR libgcj48-jar-4.8.5-24 is installed
  • OR libgcj_bc1-4.8.5-24 is installed
  • OR libstdc++48-devel-4.8.5-24 is installed
  • OR libstdc++48-devel-32bit-4.8.5-24 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • MozillaFirefox-45.4.0esr-81 is installed
  • OR MozillaFirefox-translations-45.4.0esr-81 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • aaa_base-13.2+git20140911.61c1681-36 is installed
  • OR aaa_base-extras-13.2+git20140911.61c1681-36 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • glibc-2.22-15 is installed
  • OR glibc-32bit-2.22-15 is installed
  • OR glibc-devel-2.22-15 is installed
  • OR glibc-devel-32bit-2.22-15 is installed
  • OR glibc-i18ndata-2.22-15 is installed
  • OR glibc-locale-2.22-15 is installed
  • OR glibc-locale-32bit-2.22-15 is installed
  • OR nscd-2.22-15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 is installed
  • AND haproxy-1.5.4-2.4.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP1 is installed
  • AND Package Information
  • ctdb-4.2.4-28.3.1 is installed
  • OR samba-4.2.4-28.3.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND Package Information
  • libpacemaker3-1.1.15-19 is installed
  • OR pacemaker-1.1.15-19 is installed
  • OR pacemaker-cli-1.1.15-19 is installed
  • OR pacemaker-cts-1.1.15-19 is installed
  • OR pacemaker-remote-1.1.15-19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • AND Package Information
  • ctdb-4.6.7+git.51.327af8d0a11-3.12.1 is installed
  • OR samba-4.6.7+git.51.327af8d0a11-3.12.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP4 is installed
  • AND libpcreposix0-8.39-8.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP5 is installed
  • AND Package Information
  • corosync-2.3.6-9.13 is installed
  • OR libcorosync4-2.3.6-9.13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 is installed
  • AND Package Information
  • ruby2.5-rubygem-sprockets-3.7.2-3.3 is installed
  • OR rubygem-sprockets-3.7.2-3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
  • AND Package Information
  • MozillaFirefox-68.1.0-109.92 is installed
  • OR MozillaFirefox-translations-common-68.1.0-109.92 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Live Patching 12 is installed
  • AND Package Information
  • kgraft-patch-3_12_38-44-default-1-2.2 is installed
  • OR kgraft-patch-3_12_38-44-xen-1-2.2 is installed
  • OR kgraft-patch-SLE12_Update_3-1-2.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 12 is installed
  • AND Package Information
  • sles12-docker-image-1.1.2-20160727 is installed
  • OR sles12sp1-docker-image-1.0.5-20160727 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 12 is installed
  • AND Package Information
  • cups154-1.5.4-5.1 is installed
  • OR cups154-client-1.5.4-5.1 is installed
  • OR cups154-filters-1.5.4-5.1 is installed
  • OR cups154-libs-1.5.4-5.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 12 is installed
  • AND Package Information
  • kernel-ec2-3.12.39-47.1 is installed
  • OR kernel-ec2-devel-3.12.39-47.1 is installed
  • OR kernel-ec2-extra-3.12.39-47.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 12 is installed
  • AND Package Information
  • apache2-mod_php5-5.5.14-4 is installed
  • OR php5-5.5.14-4 is installed
  • OR php5-bcmath-5.5.14-4 is installed
  • OR php5-bz2-5.5.14-4 is installed
  • OR php5-calendar-5.5.14-4 is installed
  • OR php5-ctype-5.5.14-4 is installed
  • OR php5-curl-5.5.14-4 is installed
  • OR php5-dba-5.5.14-4 is installed
  • OR php5-dom-5.5.14-4 is installed
  • OR php5-enchant-5.5.14-4 is installed
  • OR php5-exif-5.5.14-4 is installed
  • OR php5-fastcgi-5.5.14-4 is installed
  • OR php5-fileinfo-5.5.14-4 is installed
  • OR php5-fpm-5.5.14-4 is installed
  • OR php5-ftp-5.5.14-4 is installed
  • OR php5-gd-5.5.14-4 is installed
  • OR php5-gettext-5.5.14-4 is installed
  • OR php5-gmp-5.5.14-4 is installed
  • OR php5-iconv-5.5.14-4 is installed
  • OR php5-intl-5.5.14-4 is installed
  • OR php5-json-5.5.14-4 is installed
  • OR php5-ldap-5.5.14-4 is installed
  • OR php5-mbstring-5.5.14-4 is installed
  • OR php5-mcrypt-5.5.14-4 is installed
  • OR php5-mysql-5.5.14-4 is installed
  • OR php5-odbc-5.5.14-4 is installed
  • OR php5-openssl-5.5.14-4 is installed
  • OR php5-pcntl-5.5.14-4 is installed
  • OR php5-pdo-5.5.14-4 is installed
  • OR php5-pear-5.5.14-4 is installed
  • OR php5-pgsql-5.5.14-4 is installed
  • OR php5-pspell-5.5.14-4 is installed
  • OR php5-shmop-5.5.14-4 is installed
  • OR php5-snmp-5.5.14-4 is installed
  • OR php5-soap-5.5.14-4 is installed
  • OR php5-sockets-5.5.14-4 is installed
  • OR php5-sqlite-5.5.14-4 is installed
  • OR php5-suhosin-5.5.14-4 is installed
  • OR php5-sysvmsg-5.5.14-4 is installed
  • OR php5-sysvsem-5.5.14-4 is installed
  • OR php5-sysvshm-5.5.14-4 is installed
  • OR php5-tokenizer-5.5.14-4 is installed
  • OR php5-wddx-5.5.14-4 is installed
  • OR php5-xmlreader-5.5.14-4 is installed
  • OR php5-xmlrpc-5.5.14-4 is installed
  • OR php5-xmlwriter-5.5.14-4 is installed
  • OR php5-xsl-5.5.14-4 is installed
  • OR php5-zip-5.5.14-4 is installed
  • OR php5-zlib-5.5.14-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Point of Sale 12 SP2 is installed
  • AND Package Information
  • salt-2016.11.4-45.2 is installed
  • OR salt-minion-2016.11.4-45.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND Package Information
  • kde4-kgreeter-plugins-4.3.5-0.12.12.1 is installed
  • OR kdebase4-wallpapers-4.3.5-0.8.40 is installed
  • OR kdebase4-workspace-4.3.5-0.12.12.1 is installed
  • OR kdebase4-workspace-ksysguardd-4.3.5-0.12.12.1 is installed
  • OR kdm-4.3.5-0.12.12.1 is installed
  • OR kwin-4.3.5-0.12.12.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3-LTSS is installed
  • AND wget-1.11.4-1.32.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND Package Information
  • MozillaFirefox-31.7.0esr-0.8.1 is installed
  • OR MozillaFirefox-translations-31.7.0esr-0.8.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 is installed
  • AND Package Information
  • cpio-2.11-26 is installed
  • OR cpio-lang-2.11-26 is installed
  • OR tar-1.27.1-2 is installed
  • OR tar-lang-1.27.1-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • MozillaFirefox-45.2.0esr-75.2 is installed
  • OR MozillaFirefox-branding-SLE-45.0-28.2 is installed
  • OR MozillaFirefox-translations-45.2.0esr-75.2 is installed
  • OR libfreebl3-3.21.1-46.2 is installed
  • OR libfreebl3-32bit-3.21.1-46.2 is installed
  • OR libfreebl3-hmac-3.21.1-46.2 is installed
  • OR libfreebl3-hmac-32bit-3.21.1-46.2 is installed
  • OR libsoftokn3-3.21.1-46.2 is installed
  • OR libsoftokn3-32bit-3.21.1-46.2 is installed
  • OR libsoftokn3-hmac-3.21.1-46.2 is installed
  • OR libsoftokn3-hmac-32bit-3.21.1-46.2 is installed
  • OR mozilla-nspr-4.12-15.2 is installed
  • OR mozilla-nspr-32bit-4.12-15.2 is installed
  • OR mozilla-nss-3.21.1-46.2 is installed
  • OR mozilla-nss-32bit-3.21.1-46.2 is installed
  • OR mozilla-nss-certs-3.21.1-46.2 is installed
  • OR mozilla-nss-certs-32bit-3.21.1-46.2 is installed
  • OR mozilla-nss-sysinit-3.21.1-46.2 is installed
  • OR mozilla-nss-sysinit-32bit-3.21.1-46.2 is installed
  • OR mozilla-nss-tools-3.21.1-46.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libXext6-1.3.2-3 is installed
  • OR libXext6-32bit-1.3.2-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • MozillaFirefox-52.2.0esr-108 is installed
  • OR MozillaFirefox-translations-52.2.0esr-108 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cups-pk-helper-0.2.5-5 is installed
  • OR cups-pk-helper-lang-0.2.5-5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_55-52_42-default-2-2.2 is installed
  • OR kgraft-patch-3_12_55-52_42-xen-2-2.2 is installed
  • OR kgraft-patch-SLE12_Update_12-2-2.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND Package Information
  • libsystemd0-228-132 is installed
  • OR libudev1-228-132 is installed
  • OR systemd-228-132 is installed
  • OR systemd-bash-completion-228-132 is installed
  • OR systemd-sysvinit-228-132 is installed
  • OR udev-228-132 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND Package Information
  • libvirt-1.2.5-12.3 is installed
  • OR libvirt-devel-1.2.5-12.3 is installed
  • OR libvirt-devel-32bit-1.2.5-12.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP1 is installed
  • AND Package Information
  • libpcp-devel-3.6.10-4 is installed
  • OR libpcp3-3.6.10-4 is installed
  • OR pcp-3.6.10-4 is installed
  • OR pcp-import-iostat2pcp-3.6.10-4 is installed
  • OR pcp-import-mrtg2pcp-3.6.10-4 is installed
  • OR pcp-import-sar2pcp-3.6.10-4 is installed
  • OR pcp-import-sheet2pcp-3.6.10-4 is installed
  • OR perl-PCP-LogImport-3.6.10-4 is installed
  • OR perl-PCP-LogSummary-3.6.10-4 is installed
  • OR perl-PCP-MMV-3.6.10-4 is installed
  • OR perl-PCP-PMDA-3.6.10-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND MozillaFirefox-devel-45.4.0esr-81 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP3 is installed
  • AND alsa-devel-1.0.27.2-15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 is installed
  • AND Package Information
  • flash-player-11.2.202.425-19.1 is installed
  • OR flash-player-gnome-11.2.202.425-19.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP1 is installed
  • AND Package Information
  • gimp-2.8.10-7.8 is installed
  • OR gimp-lang-2.8.10-7.8 is installed
  • OR gimp-plugins-python-2.8.10-7.8 is installed
  • OR libgimp-2_0-0-2.8.10-7.8 is installed
  • OR libgimpui-2_0-0-2.8.10-7.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • MozillaThunderbird-68.12.0-3.94 is installed
  • OR MozillaThunderbird-translations-common-68.12.0-3.94 is installed
  • OR MozillaThunderbird-translations-other-68.12.0-3.94 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND Package Information
  • MozillaThunderbird-68.9.0-3.85 is installed
  • OR MozillaThunderbird-translations-common-68.9.0-3.85 is installed
  • OR MozillaThunderbird-translations-other-68.9.0-3.85 is installed