Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for ruby2.1 (Important) |
Description: |
This update for ruby2.1 fixes the following issues:
Security issues fixed:
- CVE-2015-9096: Fixed an SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command (bsc#1043983).
- CVE-2016-7798: Fixed an IV reuse in GCM mode (bsc#1055265).
- CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755).
- CVE-2017-0899: Fixed an issue with malicious gem specifications: insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286).
- CVE-2017-0900: Fixed an issue with malicious gem specifications: the query command could have led to a denial of service attack against clients (bsc#1056286).
- CVE-2017-0901: Fixed an issue with malicious gem specifications potentially overwriting arbitrary files on the client system (bsc#1056286).
- CVE-2017-0902: Fixed an issue with malicious gem specifications that could have enabled MITM attacks against clients (bsc#1056286).
- CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452).
- CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607).
- CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632).
- CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754).
- CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757).
- CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782).
- CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002).
- CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434).
- CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782).
- CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441).
- CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436).
- CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433).
- CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440).
- CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437).
- CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530).
- CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532).
- CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007).
- CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008).
- CVE-2018-1000075: Fixed an infinite loop vulnerability where a negative size in a tar header caused a denial of service (bsc#1082014).
- CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009).
- CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010).
- CVE-2018-1000078: Fixed an XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011).
- CVE-2018-1000079: Fixed a path traversal issue during gem installation that allowed writing to arbitrary filesystem locations (bsc#1082058).
- CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627).
- CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623).
- CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622).
- CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620).
- CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617).
- CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611).
- CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994).
- CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995).
- CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992).
- CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990).
- CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517).
Non-security issue fixed:
- Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072).
Also, yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter (bsc#1172275).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1012382 1031717 1043983 1046610 1048072 1055265 1056286 1056782 1057734 1058754 1058755 1058757 1062452 1069607 1069632 1070536 1073002 1075428 1076847 1077560 1078782 1082007 1082008 1082009 1082010 1082011 1082014 1082058 1082153 1082299 1083125 1083745 1083836 1084353 1084610 1084721 1084829 1085042 1085185 1085224 1085402 1085404 1086162 1086194 1087088 1087260 1087433 1087434 1087436 1087437 1087440 1087441 1087845 1088241 1088242 1088600 1088684 1089198 1089608 1089644 1089752 1090643 1109160 1112530 1112532 1118367 1118368 1130611 1130617 1130620 1130622 1130623 1130627 1144902 1149496 1150733 1152990 1152992 1152994 1152995 1154862 1155089 1159913 1160398 1160968 1165631 1169511 1171517 1171740 1172275 1174421 1176496 1176764 1177513 CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 CVE-2013-7490 CVE-2015-8605 CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-1002201 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2017-18257 CVE-2017-8779 CVE-2017-9228 CVE-2017-9229 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-16395 CVE-2018-16396 CVE-2018-5741 CVE-2018-6914 CVE-2018-7740 CVE-2018-8043 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 CVE-2019-10218 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2019-17498 CVE-2019-20919 CVE-2019-3689 CVE-2019-5108 CVE-2019-5482 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2020-10663 CVE-2020-15705 CVE-2020-1749 CVE-2020-25645 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 
CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 CVE-2020-8616 CVE-2020-8617 SUSE-SU-2018:1173-2 SUSE-SU-2019:2339-2 SUSE-SU-2019:2893-1 SUSE-SU-2019:2932-1 SUSE-SU-2019:2936-1 SUSE-SU-2020:1570-1 SUSE-SU-2020:1686-1 SUSE-SU-2020:1914-1 SUSE-SU-2020:2308-1 SUSE-SU-2020:2856-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
libldap-2_4-2-2.4.46-lp150.7 is installed
OR libldap-2_4-2-32bit-2.4.46-lp150.7 is installed
OR libldap-data-2.4.46-lp150.7 is installed
OR openldap2-client-2.4.46-lp150.7 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
java-11-openjdk-11.0.6.0-lp151.3.12 is installed
OR java-11-openjdk-accessibility-11.0.6.0-lp151.3.12 is installed
OR java-11-openjdk-demo-11.0.6.0-lp151.3.12 is installed
OR java-11-openjdk-devel-11.0.6.0-lp151.3.12 is installed
OR java-11-openjdk-headless-11.0.6.0-lp151.3.12 is installed
OR java-11-openjdk-javadoc-11.0.6.0-lp151.3.12 is installed
OR java-11-openjdk-jmods-11.0.6.0-lp151.3.12 is installed
OR java-11-openjdk-src-11.0.6.0-lp151.3.12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
kernel-default-4.4.121-92.73 is installed
OR kernel-default-base-4.4.121-92.73 is installed
OR kernel-default-devel-4.4.121-92.73 is installed
OR kernel-devel-4.4.121-92.73 is installed
OR kernel-macros-4.4.121-92.73 is installed
OR kernel-source-4.4.121-92.73 is installed
OR kernel-syms-4.4.121-92.73 is installed
OR kgraft-patch-4_4_121-92_73-default-1-3.3 is installed
OR kgraft-patch-SLE12-SP2_Update_21-1-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
nfs-client-1.3.0-34.22 is installed
OR nfs-doc-1.3.0-34.22 is installed
OR nfs-kernel-server-1.3.0-34.22 is installed
OR nfs-utils-1.3.0-34.22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
libruby2_1-2_1-2.1.9-19.3 is installed
OR ruby2.1-2.1.9-19.3 is installed
OR ruby2.1-stdlib-2.1.9-19.3 is installed
OR yast2-ruby-bindings-3.1.53-9.8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
dhcp-4.3.3-9 is installed
OR dhcp-client-4.3.3-9 is installed
OR dhcp-relay-4.3.3-9 is installed
OR dhcp-server-4.3.3-9 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
ibus-1.5.13-15.11 is installed
OR ibus-gtk-1.5.13-15.11 is installed
OR ibus-gtk3-1.5.13-15.11 is installed
OR ibus-lang-1.5.13-15.11 is installed
OR libibus-1_0-5-1.5.13-15.11 is installed
OR typelib-1_0-IBus-1_0-1.5.13-15.11 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed
OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed
OR libwebkit2gtk3-lang-2.24.4-2.47 is installed
OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed
OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed
OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed
OR webkit2gtk3-2.24.4-2.47 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
java-1_7_0-openjdk-1.7.0.241-43.30 is installed
OR java-1_7_0-openjdk-demo-1.7.0.241-43.30 is installed
OR java-1_7_0-openjdk-devel-1.7.0.241-43.30 is installed
OR java-1_7_0-openjdk-headless-1.7.0.241-43.30 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libdcerpc-binding0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libdcerpc-binding0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libdcerpc0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libdcerpc0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libndr-krb5pac0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libndr-krb5pac0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libndr-nbt0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libndr-nbt0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libndr-standard0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libndr-standard0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libndr0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libndr0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libnetapi0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libnetapi0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-credentials0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-credentials0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-errors0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-errors0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-hostconfig0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-hostconfig0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-passdb0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-passdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-util0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamba-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamdb0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsamdb0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsmbclient0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsmbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsmbconf0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsmbconf0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsmbldap0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libsmbldap0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libtevent-util0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libtevent-util0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libwbclient0-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR libwbclient0-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR samba-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR samba-client-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR samba-client-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR samba-doc-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR samba-libs-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR samba-libs-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR samba-winbind-4.6.14+git.157.c2d53c2b191-3.29 is installed
OR samba-winbind-32bit-4.6.14+git.157.c2d53c2b191-3.29 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
jakarta-commons-fileupload-1.1.1-120 is installed
OR jakarta-commons-fileupload-javadoc-1.1.1-120 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
java-1_8_0-openjdk-1.8.0.252-27.45 is installed
OR java-1_8_0-openjdk-demo-1.8.0.252-27.45 is installed
OR java-1_8_0-openjdk-devel-1.8.0.252-27.45 is installed
OR java-1_8_0-openjdk-headless-1.8.0.252-27.45 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 9 is installed
AND Package Information
libjavascriptcoregtk-4_0-18-2.28.4-2.59 is installed
OR libwebkit2gtk-4_0-37-2.28.4-2.59 is installed
OR libwebkit2gtk3-lang-2.28.4-2.59 is installed
OR typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59 is installed
OR typelib-1_0-WebKit2-4_0-2.28.4-2.59 is installed
OR typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59 is installed
OR webkit2gtk-4_0-injected-bundles-2.28.4-2.59 is installed
OR webkit2gtk3-2.28.4-2.59 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
curl-7.37.0-37.43 is installed
OR libcurl4-7.37.0-37.43 is installed
OR libcurl4-32bit-7.37.0-37.43 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND nodejs6-6.17.0-11.27 is installed
|