Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for ruby2.1 (Important) |
Description: |
This update for ruby2.1 fixes the following issues:
Security issues fixed:
- CVE-2015-9096: Fixed an SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command (bsc#1043983).
- CVE-2016-7798: Fixed IV reuse in GCM mode in the openssl extension (bsc#1055265).
- CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755).
- CVE-2017-0899: Fixed an issue with malicious gem specifications: insufficient sanitization when printing gem specifications could have emitted terminal escape sequences (bsc#1056286).
- CVE-2017-0900: Fixed an issue with malicious gem specifications: the query command could have led to a denial of service against clients (bsc#1056286).
- CVE-2017-0901: Fixed an issue with malicious gem specifications that could have overwritten arbitrary files on the client system (bsc#1056286).
- CVE-2017-0902: Fixed an issue with malicious gem specifications that could have enabled MITM attacks against clients (bsc#1056286).
- CVE-2017-0903: Fixed an unsafe object deserialization vulnerability in RubyGems (bsc#1062452).
- CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() in oniguruma during regex compilation (bsc#1069607).
- CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632).
- CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754).
- CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757).
- CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782).
- CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002).
- CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434).
- CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782).
- CVE-2018-6914: Fixed unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441).
- CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436).
- CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433).
- CVE-2018-8779: Fixed unintentional socket creation via a poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440).
- CVE-2018-8780: Fixed unintentional directory traversal via a poisoned NUL byte in Dir (bsc#1087437).
- CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530).
- CVE-2018-16396: Fixed an issue with tainted string handling, where the taint flag was not propagated by Array#pack and String#unpack for some directives (bsc#1112532).
- CVE-2018-1000073: Fixed a path traversal issue in RubyGems (bsc#1082007).
- CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution via specially crafted YAML (bsc#1082008).
- CVE-2018-1000075: Fixed an infinite loop, and thus a denial of service, caused by a negative size field in a tar header (bsc#1082014).
- CVE-2018-1000076: Fixed improper verification of signatures in tarballs (bsc#1082009).
- CVE-2018-1000077: Fixed improper URL validation of the homepage attribute of ruby gems (bsc#1082010).
- CVE-2018-1000078: Fixed an XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011).
- CVE-2018-1000079: Fixed a path traversal issue during gem installation that allowed writing to arbitrary filesystem locations (bsc#1082058).
- CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627).
- CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose output (Gem::UserInteraction#verbose) (bsc#1130623).
- CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622).
- CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620).
- CVE-2019-8324: Fixed an issue where a malicious gem may have led to arbitrary code execution (bsc#1130617).
- CVE-2019-8325: Fixed an escape sequence injection vulnerability in error output (bsc#1130611).
- CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994).
- CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995).
- CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992).
- CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990).
- CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517).
Non-security issue fixed:
- Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072).
Also, yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter (bsc#1172275).
|
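Several of the fixes above (CVE-2015-9096 in Net::SMTP, CVE-2017-17742 and CVE-2019-16254 in WEBrick) are the same bug class: a caller-controlled string is interpolated into a CRLF-delimited protocol line, so an embedded CR/LF ends the line early and the remainder is parsed as a fresh command or header. The following Ruby is an added example written for this page, not the stdlib code or SUSE's patch; the naive_rcpt_to/safe_rcpt_to/safe_header_line helpers and the INJECTED input are constructed to show the pre-fix behaviour beside the hardened check.

```ruby
# Added illustration of the CRLF-injection class behind CVE-2015-9096
# (Net::SMTP) and CVE-2017-17742 / CVE-2019-16254 (WEBrick). These helpers
# are this page's own, not the stdlib code; INJECTED is a constructed input.

# Pre-fix pattern: caller-controlled address dropped straight into the
# SMTP envelope command with no check for line terminators.
def naive_rcpt_to(address)
  "RCPT TO:<#{address}>\r\n"
end

# What an SMTP server sees: one command per CRLF-terminated line. A CRLF
# inside the address therefore ends the command early and starts a new one.
def smtp_commands(wire)
  wire.split("\r\n").reject(&:empty?)
end

# Hardened builder: reject CR, LF and NUL before interpolating. The upstream
# fix takes the same approach (Net::SMTP raises ArgumentError on CR/LF).
def safe_rcpt_to(address)
  if address.match?(/[\r\n\0]/)
    raise ArgumentError, "address contains CR/LF/NUL: #{address.inspect}"
  end
  "RCPT TO:<#{address}>\r\n"
end

# The same guard for an HTTP header line; a CRLF in the value would
# terminate the header block and let an attacker append headers or a body
# (HTTP response splitting, the WEBrick issue).
def safe_header_line(name, value)
  if value.match?(/[\r\n]/)
    raise ArgumentError, "header value contains CR/LF: #{value.inspect}"
  end
  "#{name}: #{value}\r\n"
end

# Constructed attacker-controlled recipient: closes the angle bracket,
# terminates the line, then smuggles a second RCPT TO.
INJECTED = "victim@example.com>\r\nRCPT TO:<attacker@evil.example".freeze

if __FILE__ == $0
  p smtp_commands(naive_rcpt_to(INJECTED))
  # => ["RCPT TO:<victim@example.com>", "RCPT TO:<attacker@evil.example>"]
  begin
    safe_rcpt_to(INJECTED)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The check belongs at the boundary where untrusted data enters a line-oriented protocol builder, which is where the upstream fixes put it; stripping CR/LF silently is a weaker choice because it hides the attempted injection from logs.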
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1039034 1043983 1047536 1048072 1049399 1049404 1049417 1051510 1054591 1055265 1056286 1056782 1058754 1058755 1058757 1062452 1069607 1069632 1072665 1073002 1078782 1082007 1082008 1082009 1082010 1082011 1082014 1082023 1082058 1084878 1087433 1087434 1087436 1087437 1087440 1087441 1088279 1088601 1095189 1095825 1095826 1095827 1095945 1097103 1102046 1105166 1108308 1112530 1112532 1117665 1123886 1128481 1130611 1130617 1130620 1130622 1130623 1130627 1131107 1133140 1135966 1135967 1136261 1136570 1137865 1139073 1140671 1141013 1141054 1141670 1142458 1143187 1144123 1144903 1145477 1146042 1146163 1146285 1146361 1146378 1146391 1146413 1146425 1146512 1146514 1146516 1146519 1146524 1146526 1146529 1146540 1146543 1146547 1146550 1146584 1146589 1147022 1147122 1148394 1148938 1149083 1149376 1149522 1149527 1149555 1149612 1150025 1150112 1150452 1150457 1150465 1150727 1150942 1151347 1151350 1152685 1152782 1152788 1152990 1152992 1152994 1152995 1153158 1153263 1154103 1154372 1155131 1155671 1158785 1158787 1158788 1158789 1158790 1158791 1158792 1158793 1158795 1160594 1160764 1160968 1161779 1163922 1163933 1169511 1171352 1171517 1172275 1172277 1172437 1173455 1176496 1176764 1177158 814241 879138 CVE-2013-7490 CVE-2015-9096 CVE-2015-9542 CVE-2016-10906 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2017-18258 CVE-2017-18379 CVE-2017-18509 CVE-2017-18551 CVE-2017-18595 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-9228 CVE-2017-9229 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085 CVE-2018-12207 CVE-2018-14404 CVE-2018-14567 CVE-2018-16395 CVE-2018-16396 CVE-2018-20976 CVE-2018-6914 CVE-2018-8777 
CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-9251 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-13272 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15098 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15239 CVE-2019-15290 CVE-2019-15291 CVE-2019-15505 CVE-2019-15666 CVE-2019-15807 CVE-2019-15845 CVE-2019-15902 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-16201 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16254 CVE-2019-16255 CVE-2019-16413 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-19604 CVE-2019-20919 CVE-2019-2949 CVE-2019-3860 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2019-9456 CVE-2019-9506 CVE-2020-10663 CVE-2020-10757 CVE-2020-14355 CVE-2020-15049 CVE-2020-2654 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 CVE-2020-8013 SUSE-SU-2017:2744-1 SUSE-SU-2018:0079-1 SUSE-SU-2019:1606-2 SUSE-SU-2019:2949-1 SUSE-SU-2019:3311-1 SUSE-SU-2020:0545-1 SUSE-SU-2020:1117-1 SUSE-SU-2020:1570-1 SUSE-SU-2020:1946-1 SUSE-SU-2020:2856-1 SUSE-SU-2020:3084-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.2 NonFree SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
ImageMagick-7.0.7.34-lp150.2.15 is installed
OR ImageMagick-devel-7.0.7.34-lp150.2.15 is installed
OR ImageMagick-devel-32bit-7.0.7.34-lp150.2.15 is installed
OR ImageMagick-doc-7.0.7.34-lp150.2.15 is installed
OR ImageMagick-extra-7.0.7.34-lp150.2.15 is installed
OR libMagick++-7_Q16HDRI4-7.0.7.34-lp150.2.15 is installed
OR libMagick++-7_Q16HDRI4-32bit-7.0.7.34-lp150.2.15 is installed
OR libMagick++-devel-7.0.7.34-lp150.2.15 is installed
OR libMagick++-devel-32bit-7.0.7.34-lp150.2.15 is installed
OR libMagickCore-7_Q16HDRI6-7.0.7.34-lp150.2.15 is installed
OR libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.15 is installed
OR libMagickWand-7_Q16HDRI6-7.0.7.34-lp150.2.15 is installed
OR libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-lp150.2.15 is installed
OR perl-PerlMagick-7.0.7.34-lp150.2.15 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
mumble-1.2.19-9 is installed
OR mumble-32bit-1.2.19-lp151.4.6 is installed
OR mumble-server-1.2.19-9 is installed
|
Definition Synopsis |
openSUSE Leap 15.2 NonFree is installed
AND opera-68.0.3618.104-lp152.2.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
xerces-j2-2.8.1-268.6 is installed
OR xerces-j2-xml-apis-2.8.1-268.6 is installed
OR xerces-j2-xml-resolver-2.8.1-268.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
git-2.12.3-27.22 is installed
OR git-core-2.12.3-27.22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
java-1_8_0-ibm-1.8.0_sr6.10-30.69 is installed
OR java-1_8_0-ibm-alsa-1.8.0_sr6.10-30.69 is installed
OR java-1_8_0-ibm-devel-1.8.0_sr6.10-30.69 is installed
OR java-1_8_0-ibm-plugin-1.8.0_sr6.10-30.69 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
kernel-default-4.4.180-94.107 is installed
OR kernel-default-base-4.4.180-94.107 is installed
OR kernel-default-devel-4.4.180-94.107 is installed
OR kernel-default-kgraft-4.4.180-94.107 is installed
OR kernel-default-man-4.4.180-94.107 is installed
OR kernel-devel-4.4.180-94.107 is installed
OR kernel-macros-4.4.180-94.107 is installed
OR kernel-source-4.4.180-94.107 is installed
OR kernel-syms-4.4.180-94.107 is installed
OR kgraft-patch-4_4_180-94_107-default-1-4.3 is installed
OR kgraft-patch-SLE12-SP3_Update_29-1-4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
liblouis-2.6.4-6.6 is installed
OR liblouis-data-2.6.4-6.6 is installed
OR liblouis9-2.6.4-6.6 is installed
OR python-louis-2.6.4-6.6 is installed
OR python3-louis-2.6.4-6.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND apache2-mod_perl-2.0.8-11 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
AND xrdp-0.9.0~git.1456906198.f422461-21.27 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
libruby2_1-2_1-2.1.9-19.3 is installed
OR ruby2.1-2.1.9-19.3 is installed
OR ruby2.1-stdlib-2.1.9-19.3 is installed
|
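The synopsis above is the only one on this page that names the ruby2.1 packages; it is satisfied when any of the three packages is installed at a version-release older than 2.1.9-19.3. Checking that by eye is error-prone because rpm compares version strings segment by segment rather than lexically. The following Ruby is an added example written for this page, not SUSE's OVAL evaluator: it ports rpm's rpmvercmp() ordering, splits name-version-release strings, and reports which installed packages are still below the fixed level. FIXED_NVRS is taken from the synopsis; INSTALLED_SAMPLE is a constructed stand-in for the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` on a host.

```ruby
# Added example: evaluate the ruby2.1 criteria above against an rpm package
# list. Own code, not SUSE's OVAL evaluator. Fixed NVRs come from the
# SUSE OpenStack Cloud 8 synopsis; INSTALLED_SAMPLE is constructed.

FIXED_NVRS = %w[
  libruby2_1-2_1-2.1.9-19.3
  ruby2.1-2.1.9-19.3
  ruby2.1-stdlib-2.1.9-19.3
].freeze

# Constructed stand-in for:  rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# (release 17.1 is an invented older build to show a hit).
INSTALLED_SAMPLE = %w[
  libruby2_1-2_1-2.1.9-19.3
  ruby2.1-2.1.9-17.1
  ruby2.1-stdlib-2.1.9-17.1
  kernel-default-4.12.14-95.60
].freeze

# Ruby port of rpm's rpmvercmp(): walks both strings in alternating numeric
# and alphabetic segments, compares numeric segments by value and alphabetic
# ones lexically, treats '~' as sorting before anything (pre-releases), and
# lets leftover trailing segments win. Caret ('^') handling is omitted.
# Returns -1, 0 or 1.
def rpmvercmp(a, b)
  return 0 if a == b
  one = a.dup
  two = b.dup
  while !one.empty? || !two.empty?
    one = one.sub(/\A[^A-Za-z0-9~]+/, '')   # skip separators
    two = two.sub(/\A[^A-Za-z0-9~]+/, '')
    if one.start_with?('~') || two.start_with?('~')
      return 1 unless one.start_with?('~')   # only two has '~': one is newer
      return -1 unless two.start_with?('~')  # only one has '~': one is older
      one = one[1..-1]
      two = two[1..-1]
      next
    end
    break if one.empty? || two.empty?
    if one.match?(/\A\d/)
      isnum = true
      seg1 = one[/\A\d+/]
      seg2 = two[/\A\d+/] || ''
    else
      isnum = false
      seg1 = one[/\A[A-Za-z]+/]
      seg2 = two[/\A[A-Za-z]+/] || ''
    end
    one = one[seg1.length..-1]
    two = two[seg2.length..-1]
    return(isnum ? 1 : -1) if seg2.empty?   # numeric beats alphabetic
    if isnum
      seg1 = seg1.sub(/\A0+/, '')
      seg2 = seg2.sub(/\A0+/, '')
      return 1 if seg1.length > seg2.length
      return -1 if seg1.length < seg2.length
    end
    cmp = seg1 <=> seg2
    return cmp unless cmp.zero?
  end
  return 0 if one.empty? && two.empty?
  one.empty? ? -1 : 1
end

# "name-version-release" -> [name, version, release]. The name may itself
# contain hyphens, so version and release are the last two fields.
def split_nvr(nvr)
  m = nvr.match(/\A(.+)-([^-]+)-([^-]+)\z/)
  raise ArgumentError, "not an NVR: #{nvr}" unless m
  m.captures
end

# Compare version-release pairs the way rpm does: version first, release
# only on a tie. Epoch is 0 for every package in this advisory.
def vr_cmp(v1, r1, v2, r2)
  c = rpmvercmp(v1, v2)
  c.zero? ? rpmvercmp(r1, r2) : c
end

# Installed packages that match a fixed package by name but are older than
# the fixed version-release, i.e. hosts where this patch is still missing.
def affected_packages(installed, fixed = FIXED_NVRS)
  fixed_by_name = {}
  fixed.each { |n| name, v, r = split_nvr(n); fixed_by_name[name] = [v, r] }
  installed.select do |nvr|
    name, v, r = split_nvr(nvr)
    fv, fr = fixed_by_name[name]
    fv && vr_cmp(v, r, fv, fr) < 0
  end
end

if __FILE__ == $0
  puts affected_packages(INSTALLED_SAMPLE)
  # => ruby2.1-2.1.9-17.1
  #    ruby2.1-stdlib-2.1.9-17.1
end
```

On a real host, feed `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' 'ruby2.1*' 'libruby2_1*'` into affected_packages in place of the sample; an empty result means all three packages are at or above the fixed level. The comparison has to be rpm's, not a string or float comparison: release 19.3 sorts after 17.1 and 2.1.10 after 2.1.9, which a lexical compare gets wrong.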
Definition Synopsis |
SUSE OpenStack Cloud 9 is installed
AND Package Information
kernel-default-4.12.14-95.60 is installed
OR kernel-default-base-4.12.14-95.60 is installed
OR kernel-default-devel-4.12.14-95.60 is installed
OR kernel-devel-4.12.14-95.60 is installed
OR kernel-macros-4.12.14-95.60 is installed
OR kernel-source-4.12.14-95.60 is installed
OR kernel-syms-4.12.14-95.60 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
libssh2-1-1.4.3-20.9 is installed
OR libssh2-1-32bit-1.4.3-20.9 is installed
OR libssh2_org-1.4.3-20.9 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND python-Twisted-15.2.1-9.5 is installed
|