Oval Definition:	oval:org.opensuse.security:def:56287
Revision Date: 2020-12-01 Version: 1 Title: Security update for ruby2.1 (Important) Description: This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877) Bugfixes: - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863) - Segmentation fault after pack & ioctl & unpack (bsc#909695) - Ruby:HTTP Header injection in 'net/http' (bsc#986630) ChangeLog: - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog Family: unix Class: patch Status: Reference(s): 1014863 1018808 1020427 1021741 1025109 1025311 1027197 1028103 1028184 1028656 1030624 1032075 1034866 1034908 1035406 1035807 1035950 1036211 1036457 1037242 1037334 1037336 1039495 1042159 1042800 1042801 1043073 1043296 1045035 1046636 1047674 1048902 1049381 1054724 1056334 1057378 1057585 1062069 1063122 1079600 1082858 1101410 1101412 1101654 1103040 1128829 1128963 887877 900914 909695 915410 926974 936032 959495 979302 979981 981422 982056 982064 982065 982066 982067 982068 986630 994418 994605 CVE-2009-2285 CVE-2009-2347 CVE-2010-0407 CVE-2010-1205 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-4531 CVE-2010-4665 CVE-2011-0192 CVE-2011-1167 CVE-2011-2501 CVE-2011-3026 CVE-2011-3045 CVE-2011-3048 CVE-2012-1173 CVE-2012-2113 CVE-2012-3386 CVE-2012-3401 CVE-2012-3466 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-1985 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2013-6369 CVE-2013-7353 CVE-2013-7354 CVE-2014-4975 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-8169 CVE-2014-8242 CVE-2014-9512 CVE-2014-9622 CVE-2014-9655 CVE-2015-1547 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2015-7981 CVE-2015-8126 CVE-2016-1000031 CVE-2016-10244 CVE-2016-2339 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 CVE-2016-6834 CVE-2016-6835 CVE-2016-9602 CVE-2016-9603 CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11334 CVE-2017-11434 CVE-2017-12809 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15289 CVE-2017-5579 CVE-2017-5973 CVE-2017-5987 CVE-2017-6318 CVE-2017-6505 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7864 CVE-2017-7980 CVE-2017-8086 CVE-2017-8105 CVE-2017-8112 CVE-2017-8287 CVE-2017-8309 CVE-2017-8379 CVE-2017-8380 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375 CVE-2017-9503 CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14679 SUSE-SU-2016:0176-1 SUSE-SU-2016:1563-1 SUSE-SU-2017:0713-1 SUSE-SU-2017:1067-1 SUSE-SU-2017:2946-1 SUSE-SU-2018:0414-1 SUSE-SU-2018:2323-1 SUSE-SU-2019:1214-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information kernel-firmware-20180416-lp150.1 is installed OR ucode-amd-20180416-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libu2f-host-1.1.6-lp151.2.3 is installed OR libu2f-host-devel-1.1.6-lp151.2.3 is installed OR libu2f-host-doc-1.1.6-lp151.2.3 is installed OR libu2f-host0-1.1.6-lp151.2.3 is installed OR u2f-host-1.1.6-lp151.2.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND rsync-3.0.4-2.49 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libruby2_1-2_1-2.1.9-15 is installed OR ruby2.1-2.1.9-15 is installed OR ruby2.1-stdlib-2.1.9-15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information gnome-keyring-3.10.1-11 is installed OR gnome-keyring-32bit-3.10.1-11 is installed OR gnome-keyring-lang-3.10.1-11 is installed OR gnome-keyring-pam-3.10.1-11 is installed OR gnome-keyring-pam-32bit-3.10.1-11 is installed OR libgck-modules-gnome-keyring-3.10.1-11 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND clamav-0.100.1-33.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND autofs-5.0.9-21 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information dovecot22-2.2.31-19.11 is installed OR dovecot22-backend-mysql-2.2.31-19.11 is installed OR dovecot22-backend-pgsql-2.2.31-19.11 is installed OR dovecot22-backend-sqlite-2.2.31-19.11 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_120-92_70-default-3-2 is installed OR kgraft-patch-SLE12-SP2_Update_20-3-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND perl-DBD-mysql-4.021-11 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_175-94_79-default-4-2 is installed OR kgraft-patch-SLE12-SP3_Update_23-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND apache2-mod_jk-1.2.40-7.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information coreutils-8.25-13.7 is installed OR coreutils-lang-8.25-13.7 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information qemu-2.3.1-33.3 is installed OR qemu-block-curl-2.3.1-33.3 is installed OR qemu-block-rbd-2.3.1-33.3 is installed OR qemu-guest-agent-2.3.1-33.3 is installed OR qemu-ipxe-1.0.0-33.3 is installed OR qemu-kvm-2.3.1-33.3 is installed OR qemu-lang-2.3.1-33.3 is installed OR qemu-seabios-1.8.1-33.3 is installed OR qemu-sgabios-8-33.3 is installed OR qemu-tools-2.3.1-33.3 is installed OR qemu-vgabios-1.8.1-33.3 is installed OR qemu-x86-2.3.1-33.3 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libvirt-2.0.0-27.42 is installed OR libvirt-client-2.0.0-27.42 is installed OR libvirt-daemon-2.0.0-27.42 is installed OR libvirt-daemon-config-network-2.0.0-27.42 is installed OR libvirt-daemon-config-nwfilter-2.0.0-27.42 is installed OR libvirt-daemon-driver-interface-2.0.0-27.42 is installed OR libvirt-daemon-driver-libxl-2.0.0-27.42 is installed OR libvirt-daemon-driver-lxc-2.0.0-27.42 is installed OR libvirt-daemon-driver-network-2.0.0-27.42 is installed OR libvirt-daemon-driver-nodedev-2.0.0-27.42 is installed OR libvirt-daemon-driver-nwfilter-2.0.0-27.42 is installed OR libvirt-daemon-driver-qemu-2.0.0-27.42 is installed OR libvirt-daemon-driver-secret-2.0.0-27.42 is installed OR libvirt-daemon-driver-storage-2.0.0-27.42 is installed OR libvirt-daemon-hooks-2.0.0-27.42 is installed OR libvirt-daemon-lxc-2.0.0-27.42 is installed OR libvirt-daemon-qemu-2.0.0-27.42 is installed OR libvirt-daemon-xen-2.0.0-27.42 is installed OR libvirt-doc-2.0.0-27.42 is installed OR libvirt-lock-sanlock-2.0.0-27.42 is installed OR libvirt-nss-2.0.0-27.42 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information java-1_8_0-ibm-1.8.0_sr6.5-30.63 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63 is installed OR java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information crowbar-core-6.0+git.1569587091.3f083d63c-3.10 is installed OR crowbar-core-branding-upstream-6.0+git.1569587091.3f083d63c-3.10 is installed OR crowbar-ha-6.0+git.1567673476.1342c3d-3.10 is installed OR crowbar-openstack-6.0+git.1569805311.a94583476-3.10 is installed OR crowbar-ui-1.3.0+git.1568396400.0344a727-11 is installed OR grafana-6.2.5-3.6 is installed OR grafana-monasca-ui-drilldown-1.14.1~dev9-3.6 is installed OR novnc-1.1.0-3.3 is installed OR openstack-cinder-13.0.7~dev16-3.10 is installed OR openstack-cinder-api-13.0.7~dev16-3.10 is installed OR openstack-cinder-backup-13.0.7~dev16-3.10 is installed OR openstack-cinder-scheduler-13.0.7~dev16-3.10 is installed OR openstack-cinder-volume-13.0.7~dev16-3.10 is installed OR openstack-dashboard-14.0.4~dev11-3.6 is installed OR openstack-designate-7.0.1~dev22-3.10 is installed OR openstack-designate-agent-7.0.1~dev22-3.10 is installed OR openstack-designate-api-7.0.1~dev22-3.10 is installed OR openstack-designate-central-7.0.1~dev22-3.10 is installed OR openstack-designate-producer-7.0.1~dev22-3.10 is installed OR openstack-designate-sink-7.0.1~dev22-3.10 is installed OR openstack-designate-worker-7.0.1~dev22-3.10 is installed OR openstack-glance-17.0.1~dev30-3.3 is installed OR openstack-glance-api-17.0.1~dev30-3.3 is installed OR openstack-heat-11.0.3~dev23-3.10 is installed OR openstack-heat-api-11.0.3~dev23-3.10 is installed OR openstack-heat-api-cfn-11.0.3~dev23-3.10 is installed OR openstack-heat-engine-11.0.3~dev23-3.10 is installed OR openstack-heat-plugin-heat_docker-11.0.3~dev23-3.10 is installed OR openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.6 is installed OR openstack-horizon-plugin-monasca-ui-1.14.1~dev9-3.6 is installed OR openstack-ironic-11.1.4~dev15-3.10 is installed OR openstack-ironic-api-11.1.4~dev15-3.10 is installed OR openstack-ironic-conductor-11.1.4~dev15-3.10 is installed OR openstack-ironic-python-agent-3.3.3~dev5-3.10 is installed OR openstack-keystone-14.1.1~dev16-3.10 is installed OR openstack-manila-7.3.1~dev6-4.10 is installed OR openstack-manila-api-7.3.1~dev6-4.10 is installed OR openstack-manila-data-7.3.1~dev6-4.10 is installed OR openstack-manila-scheduler-7.3.1~dev6-4.10 is installed OR openstack-manila-share-7.3.1~dev6-4.10 is installed OR openstack-neutron-13.0.5~dev50-3.10 is installed OR openstack-neutron-dhcp-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-gbp-5.0.1~dev472-3.10 is installed OR openstack-neutron-ha-tool-13.0.5~dev50-3.10 is installed OR openstack-neutron-l3-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-linuxbridge-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-macvtap-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-metadata-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-metering-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-openvswitch-agent-13.0.5~dev50-3.10 is installed OR openstack-neutron-server-13.0.5~dev50-3.10 is installed OR openstack-nova-18.2.3~dev22-3.10 is installed OR openstack-nova-api-18.2.3~dev22-3.10 is installed OR openstack-nova-cells-18.2.3~dev22-3.10 is installed OR openstack-nova-compute-18.2.3~dev22-3.10 is installed OR openstack-nova-conductor-18.2.3~dev22-3.10 is installed OR openstack-nova-console-18.2.3~dev22-3.10 is installed OR openstack-nova-novncproxy-18.2.3~dev22-3.10 is installed OR openstack-nova-placement-api-18.2.3~dev22-3.10 is installed OR openstack-nova-scheduler-18.2.3~dev22-3.10 is installed OR openstack-nova-serialproxy-18.2.3~dev22-3.10 is installed OR openstack-nova-vncproxy-18.2.3~dev22-3.10 is installed OR openstack-octavia-3.1.2~dev45-3.10 is installed OR openstack-octavia-amphora-agent-3.1.2~dev45-3.10 is installed OR openstack-octavia-api-3.1.2~dev45-3.10 is installed OR openstack-octavia-health-manager-3.1.2~dev45-3.10 is installed OR openstack-octavia-housekeeping-3.1.2~dev45-3.10 is installed OR openstack-octavia-worker-3.1.2~dev45-3.10 is installed OR openstack-sahara-9.0.2~dev12-3.3 is installed OR openstack-sahara-api-9.0.2~dev12-3.3 is installed OR openstack-sahara-engine-9.0.2~dev12-3.3 is installed OR openstack-tempest-19.0.0-15 is installed OR openstack-tempest-test-19.0.0-15 is installed OR openstack-watcher-1.12.1~dev19-4.3 is installed OR openstack-watcher-doc-1.12.1~dev19-4.3 is installed OR python-cinder-13.0.7~dev16-3.10 is installed OR python-cinder-tempest-plugin-0.1.0-11 is installed OR python-designate-7.0.1~dev22-3.10 is installed OR python-glance-17.0.1~dev30-3.3 is installed OR python-heat-11.0.3~dev23-3.10 is installed OR python-horizon-14.0.4~dev11-3.6 is installed OR python-horizon-plugin-heat-ui-1.4.1~dev4-4.6 is installed OR python-horizon-plugin-monasca-ui-1.14.1~dev9-3.6 is installed OR python-ironic-11.1.4~dev15-3.10 is installed OR python-keystone-14.1.1~dev16-3.10 is installed OR python-manila-7.3.1~dev6-4.10 is installed OR python-neutron-13.0.5~dev50-3.10 is installed OR python-neutron-gbp-5.0.1~dev472-3.10 is installed OR python-nova-18.2.3~dev22-3.10 is installed OR python-octavia-3.1.2~dev45-3.10 is installed OR python-openstack_auth-14.0.4~dev11-3.6 is installed OR python-sahara-9.0.2~dev12-3.3 is installed OR python-tempest-19.0.0-15 is installed OR python-urllib3-1.23-3.9 is installed OR python-watcher-1.12.1~dev19-4.3 is installed OR ruby2.1-rubygem-easy_diff-1.0.0-4.3 is installed OR rubygem-easy_diff-1.0.0-4.3 is installed
BACK