Oval Definition:	oval:org.opensuse.security:def:61033
Revision Date: 2020-12-01 Version: 1 Title: Security update for rubygem-rack (Moderate) Description: This update for rubygem-rack to version 1.6.13 fixes the following issues: - CVE-2020-8184: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed a directory traversal (bsc#1172037). - CVE-2019-16782: Fixed an information leak / session hijack vulnerability (bsc#1159548). Family: unix Class: patch Status: Reference(s): 1003846 1019807 1022805 1025282 1027282 1029907 1029908 1029909 1029995 1030296 1030297 1030298 1030583 1030584 1030585 1030588 1030589 1031590 1031593 1031595 1031638 1031644 1031656 1033122 1037052 1037057 1037061 1037062 1037066 1037070 1037072 1037273 1038874 1038875 1038876 1038877 1038878 1038880 1038881 1040109 1040112 1040113 1040115 1041090 1042670 1044417 1044891 1044897 1044901 1044909 1044925 1044927 1045341 1046094 1052061 1052496 1052503 1052507 1052509 1052511 1052514 1052518 1053347 1056248 1056249 1056251 1056312 1056437 1057139 1057144 1057149 1058480 1059050 1060599 1060621 1061241 1066713 1072124 1072125 1073269 1073748 1078326 1078485 1081750 1084650 1086001 1087082 1087083 1088004 1088009 1089343 1104134 1113455 1114837 1130840 1138034 1141853 1149792 1149955 1153238 1153830 1155094 1159035 1159548 1162224 1162367 1162423 1162825 1165894 1168404 1168407 1169066 1170411 1171561 1171924 1172037 1172265 1173274 1173351 1173455 1174091 1174701 437293 445037 546106 561142 578249 590820 691290 698346 713504 776968 863764 938658 945401 970239 CVE-2014-9939 CVE-2015-1239 CVE-2016-2399 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-17479 CVE-2017-17480 CVE-2017-5357 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7227 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-7614 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8395 CVE-2017-8396 CVE-2017-8397 CVE-2017-8398 CVE-2017-8421 CVE-2017-9038 CVE-2017-9039 CVE-2017-9040 CVE-2017-9041 CVE-2017-9042 CVE-2017-9043 CVE-2017-9044 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 CVE-2017-9617 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2017-9766 CVE-2017-9954 CVE-2017-9955 CVE-2018-14647 CVE-2018-16850 CVE-2018-18444 CVE-2018-20852 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 CVE-2019-10164 CVE-2019-16056 CVE-2019-16782 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-9674 CVE-2019-9947 CVE-2020-14422 CVE-2020-15049 CVE-2020-1927 CVE-2020-1934 CVE-2020-1938 CVE-2020-8161 CVE-2020-8184 CVE-2020-8492 SUSE-SU-2017:1986-1 SUSE-SU-2017:2555-1 SUSE-SU-2017:3170-1 SUSE-SU-2018:1364-1 SUSE-SU-2018:2331-1 SUSE-SU-2018:3770-1 SUSE-SU-2020:1524-1 SUSE-SU-2020:1946-1 SUSE-SU-2020:2678-1 SUSE-SU-2020:3343-1 Platform(s): openSUSE Leap 15.1 openSUSE Leap 15.2 openSUSE Leap 15.2 NonFree SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information elfutils-0.168-lp151.4.3 is installed OR elfutils-lang-0.168-lp151.4.3 is installed OR libasm-devel-0.168-lp151.4.3 is installed OR libasm1-0.168-lp151.4.3 is installed OR libasm1-32bit-0.168-lp151.4.3 is installed OR libdw-devel-0.168-lp151.4.3 is installed OR libdw1-0.168-lp151.4.3 is installed OR libdw1-32bit-0.168-lp151.4.3 is installed OR libebl-devel-0.168-lp151.4.3 is installed OR libebl-plugins-0.168-lp151.4.3 is installed OR libebl-plugins-32bit-0.168-lp151.4.3 is installed OR libelf-devel-0.168-lp151.4.3 is installed OR libelf-devel-32bit-0.168-lp151.4.3 is installed OR libelf1-0.168-lp151.4.3 is installed OR libelf1-32bit-0.168-lp151.4.3 is installed Definition Synopsis openSUSE Leap 15.2 is installed AND Package Information libraw-0.18.9-lp152.5.3 is installed OR libraw-devel-0.18.9-lp152.5.3 is installed OR libraw-devel-static-0.18.9-lp152.5.3 is installed OR libraw-tools-0.18.9-lp152.5.3 is installed OR libraw16-0.18.9-lp152.5.3 is installed Definition Synopsis openSUSE Leap 15.2 NonFree is installed AND opera-69.0.3686.49-lp152.2.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libquicktime-1.2.4-14.3 is installed OR libquicktime0-1.2.4-14.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libpython2_7-1_0-2.7.17-28.42 is installed OR libpython2_7-1_0-32bit-2.7.17-28.42 is installed OR python-2.7.17-28.42 is installed OR python-32bit-2.7.17-28.42 is installed OR python-base-2.7.17-28.42 is installed OR python-base-32bit-2.7.17-28.42 is installed OR python-curses-2.7.17-28.42 is installed OR python-demo-2.7.17-28.42 is installed OR python-devel-2.7.17-28.42 is installed OR python-doc-2.7.17-28.42 is installed OR python-doc-pdf-2.7.17-28.42 is installed OR python-gdbm-2.7.17-28.42 is installed OR python-idle-2.7.17-28.42 is installed OR python-rpm-macros-20200207.5feb6c1-3.19 is installed OR python-tk-2.7.17-28.42 is installed OR python-xml-2.7.17-28.42 is installed OR shared-python-startup-0.1-1.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libecpg6-10.9-1.12 is installed OR libpq5-10.9-1.12 is installed OR libpq5-32bit-10.9-1.12 is installed OR postgresql10-10.9-1.12 is installed OR postgresql10-contrib-10.9-1.12 is installed OR postgresql10-docs-10.9-1.12 is installed OR postgresql10-libs-10.9-1.12 is installed OR postgresql10-plperl-10.9-1.12 is installed OR postgresql10-plpython-10.9-1.12 is installed OR postgresql10-pltcl-10.9-1.12 is installed OR postgresql10-server-10.9-1.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND squid-3.5.21-26.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libIlmImf-Imf_2_1-21-2.1.0-6.10 is installed OR openexr-2.1.0-6.10 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND axis-1.4-290.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information kernel-default-4.12.14-95.57 is installed OR kernel-default-base-4.12.14-95.57 is installed OR kernel-default-devel-4.12.14-95.57 is installed OR kernel-devel-4.12.14-95.57 is installed OR kernel-macros-4.12.14-95.57 is installed OR kernel-source-4.12.14-95.57 is installed OR kernel-syms-4.12.14-95.57 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-LTSS is installed AND Package Information apache2-2.4.23-29.63 is installed OR apache2-doc-2.4.23-29.63 is installed OR apache2-example-pages-2.4.23-29.63 is installed OR apache2-prefork-2.4.23-29.63 is installed OR apache2-utils-2.4.23-29.63 is installed OR apache2-worker-2.4.23-29.63 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND Package Information MozillaFirefox-78.1.0-112.8 is installed OR MozillaFirefox-devel-78.1.0-112.8 is installed OR MozillaFirefox-translations-common-78.1.0-112.8 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ruby2.1-rubygem-rack-1.6.13-3.8 is installed OR rubygem-rack-1.6.13-3.8 is installed
BACK