[openSUSE-SU-2020:0395-1] Recommended update for ruby2.5

Severity Important
Affected Packages 7
CVEs 7

Recommended update for ruby2.5

This update for ruby2.5 to version 2.5.7 fixes the following issues:

ruby 2.5 was updated to version 2.5.7

  • CVE-2020-8130: Fixed a command injection in the in-tree copy of rake (bsc#1164804).
  • CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990).
  • CVE-2019-16254: Fixed an HTTP response splitting in WEBrick (bsc#1152992).
  • CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994).
  • CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995).
  • CVE-2012-6708: Fixed an XSS in jQuery
  • CVE-2015-9251: Fixed an XSS in jQuery
  • Fixed unit tests (bsc#1140844)
  • Removed some unneeded test files (bsc#1162396).

This update was imported from the SUSE:SLE-15:Update update project.

Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0395-1.json
Suse URL for openSUSE-SU-2020:0395-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZJAMCVFC2KL342QI4W5HGYIZXTNBURQT/
Suse E-Mail link for openSUSE-SU-2020:0395-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZJAMCVFC2KL342QI4W5HGYIZXTNBURQT/
Bugzilla SUSE Bug 1140844 https://bugzilla.suse.com/1140844
Bugzilla SUSE Bug 1152990 https://bugzilla.suse.com/1152990
Bugzilla SUSE Bug 1152992 https://bugzilla.suse.com/1152992
Bugzilla SUSE Bug 1152994 https://bugzilla.suse.com/1152994
Bugzilla SUSE Bug 1152995 https://bugzilla.suse.com/1152995
Bugzilla SUSE Bug 1162396 https://bugzilla.suse.com/1162396
Bugzilla SUSE Bug 1164804 https://bugzilla.suse.com/1164804
CVE SUSE CVE CVE-2012-6708 page https://www.suse.com/security/cve/CVE-2012-6708/
CVE SUSE CVE CVE-2015-9251 page https://www.suse.com/security/cve/CVE-2015-9251/
CVE SUSE CVE CVE-2019-15845 page https://www.suse.com/security/cve/CVE-2019-15845/
CVE SUSE CVE CVE-2019-16201 page https://www.suse.com/security/cve/CVE-2019-16201/
CVE SUSE CVE CVE-2019-16254 page https://www.suse.com/security/cve/CVE-2019-16254/
CVE SUSE CVE CVE-2019-16255 page https://www.suse.com/security/cve/CVE-2019-16255/
CVE SUSE CVE CVE-2020-8130 page https://www.suse.com/security/cve/CVE-2020-8130/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/opensuse/ruby2.5?arch=x86_64&distro=opensuse-leap-15.1 opensuse ruby2.5 < 2.5.7-lp151.4.6.1 opensuse-leap-15.1 x86_64
Affected pkg:rpm/opensuse/ruby2.5-stdlib?arch=x86_64&distro=opensuse-leap-15.1 opensuse ruby2.5-stdlib < 2.5.7-lp151.4.6.1 opensuse-leap-15.1 x86_64
Affected pkg:rpm/opensuse/ruby2.5-doc?arch=x86_64&distro=opensuse-leap-15.1 opensuse ruby2.5-doc < 2.5.7-lp151.4.6.1 opensuse-leap-15.1 x86_64
Affected pkg:rpm/opensuse/ruby2.5-doc-ri?arch=noarch&distro=opensuse-leap-15.1 opensuse ruby2.5-doc-ri < 2.5.7-lp151.4.6.1 opensuse-leap-15.1 noarch
Affected pkg:rpm/opensuse/ruby2.5-devel?arch=x86_64&distro=opensuse-leap-15.1 opensuse ruby2.5-devel < 2.5.7-lp151.4.6.1 opensuse-leap-15.1 x86_64
Affected pkg:rpm/opensuse/ruby2.5-devel-extra?arch=x86_64&distro=opensuse-leap-15.1 opensuse ruby2.5-devel-extra < 2.5.7-lp151.4.6.1 opensuse-leap-15.1 x86_64
Affected pkg:rpm/opensuse/libruby2_5-2_5?arch=x86_64&distro=opensuse-leap-15.1 opensuse libruby2_5-2_5 < 2.5.7-lp151.4.6.1 opensuse-leap-15.1 x86_64