Oval Definition:	oval:org.opensuse.security:def:60934
Revision Date: 2020-12-01 Version: 1 Title: Security update for rubygem-loofah (Moderate) Description: This update for rubygem-loofah fixes the following issues: Security issues fixed: - CVE-2018-16468: Fixed XXS by removing the svg animate attribute `from` from the allowlist (bsc#1113969). - CVE-2018-8048: Fixed XSS vulnerability due to unescaped characters by libcxml2 (bsc#1085967). Family: unix Class: patch Status: Reference(s): 1012382 1065274 1077717 1082653 1085042 1085536 1085967 1087081 1089343 1090123 1090435 1092001 1094244 1095643 1096978 1097771 1099858 1100132 1100930 1101658 1101789 1102188 1102197 1102203 1102205 1102207 1102211 1102214 1102215 1102340 1102394 1102683 1102851 1103119 1103580 1103745 1103884 1113969 1115750 1115929 1117080 1117840 1122293 1122299 1123156 1123191 1123919 1146068 1146211 1146212 1146213 1146873 1148158 1149811 1151781 1151782 1151783 1151784 1151785 1151786 1152007 1152856 1154212 1154235 1155089 1155942 1156305 1156669 1156914 1157028 1157206 1157482 1158675 1160024 1160048 1160878 1160883 1160895 1160912 1161066 1161351 1161517 1162388 1163018 1163985 1166240 1167373 1170940 1171186 1171352 1173304 1174157 1174922 1174923 1177943 CVE-2017-1002201 CVE-2017-15088 CVE-2017-18344 CVE-2018-11212 CVE-2018-14734 CVE-2018-16468 CVE-2018-17954 CVE-2018-19211 CVE-2018-3620 CVE-2018-3646 CVE-2018-4700 CVE-2018-5390 CVE-2018-8048 CVE-2019-12068 CVE-2019-13117 CVE-2019-14980 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-15890 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 CVE-2019-16770 CVE-2019-18860 CVE-2019-18901 CVE-2019-2422 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2894 CVE-2019-2933 CVE-2019-2938 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2974 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-6778 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-12673 CVE-2020-12674 CVE-2020-14059 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 CVE-2020-1711 CVE-2020-1720 CVE-2020-1983 CVE-2020-2574 CVE-2020-6831 CVE-2020-7039 CVE-2020-7595 CVE-2020-8608 SUSE-SU-2017:2948-1 SUSE-SU-2018:2328-1 SUSE-SU-2018:4089-1 SUSE-SU-2019:0394-1 SUSE-SU-2019:0604-1 SUSE-SU-2020:0586-1 SUSE-SU-2020:0640-1 SUSE-SU-2020:1538-1 SUSE-SU-2020:1803-1 SUSE-SU-2020:2274-1 SUSE-SU-2020:3191-1 Platform(s): openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.1 is installed AND teeworlds-0.7.3.1-lp151.2.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information krb5-1.12.5-40.16 is installed OR krb5-32bit-1.12.5-40.16 is installed OR krb5-client-1.12.5-40.16 is installed OR krb5-doc-1.12.5-40.16 is installed OR krb5-plugin-kdb-ldap-1.12.5-40.16 is installed OR krb5-plugin-preauth-otp-1.12.5-40.16 is installed OR krb5-plugin-preauth-pkinit-1.12.5-40.16 is installed OR krb5-server-1.12.5-40.16 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND squid-3.5.21-26.26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information MozillaFirefox-68.8.0-109.119 is installed OR MozillaFirefox-translations-common-68.8.0-109.119 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information postgresql96-9.6.17-3.33 is installed OR postgresql96-contrib-9.6.17-3.33 is installed OR postgresql96-docs-9.6.17-3.33 is installed OR postgresql96-libs-9.6.17-3.33 is installed OR postgresql96-plperl-9.6.17-3.33 is installed OR postgresql96-plpython-9.6.17-3.33 is installed OR postgresql96-pltcl-9.6.17-3.33 is installed OR postgresql96-server-9.6.17-3.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libncurses5-5.9-61 is installed OR libncurses5-32bit-5.9-61 is installed OR libncurses6-5.9-61 is installed OR libncurses6-32bit-5.9-61 is installed OR ncurses-5.9-61 is installed OR ncurses-devel-5.9-61 is installed OR ncurses-devel-32bit-5.9-61 is installed OR ncurses-utils-5.9-61 is installed OR tack-5.9-61 is installed OR terminfo-5.9-61 is installed OR terminfo-base-5.9-61 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information evince-3.20.2-6.22 is installed OR evince-browser-plugin-3.20.2-6.22 is installed OR evince-lang-3.20.2-6.22 is installed OR evince-plugin-djvudocument-3.20.2-6.22 is installed OR evince-plugin-dvidocument-3.20.2-6.22 is installed OR evince-plugin-pdfdocument-3.20.2-6.22 is installed OR evince-plugin-psdocument-3.20.2-6.22 is installed OR evince-plugin-tiffdocument-3.20.2-6.22 is installed OR evince-plugin-xpsdocument-3.20.2-6.22 is installed OR libevdocument3-4-3.20.2-6.22 is installed OR libevview3-3-3.20.2-6.22 is installed OR nautilus-evince-3.20.2-6.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.3-2.56 is installed OR libwebkit2gtk-4_0-37-2.28.3-2.56 is installed OR libwebkit2gtk3-lang-2.28.3-2.56 is installed OR typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56 is installed OR typelib-1_0-WebKit2-4_0-2.28.3-2.56 is installed OR typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56 is installed OR webkit2gtk-4_0-injected-bundles-2.28.3-2.56 is installed OR webkit2gtk3-2.28.3-2.56 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ruby2.1-rubygem-loofah-2.0.2-3.5 is installed OR rubygem-loofah-2.0.2-3.5 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information java-1_8_0-ibm-1.8.0_sr6.15-30.72 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72 is installed OR java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72 is installed
BACK