[SUSE-SU-2017:1067-1] Security update for ruby2.1
This ruby2.1 update to version 2.1.9 fixes the following issues:
Security issues fixed:
- CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new 'initialize' (bsc#1018808)
- CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)
- CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032)
- CVE-2015-1855: Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974)
- CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877)
Bugfixes:
- SUSEConnect doesn't handle domain wildcards in the no_proxy environment variable properly (bsc#1014863)
- Segmentation fault after pack & ioctl & unpack (bsc#909695)
- Ruby: HTTP header injection in 'net/http' (bsc#986630)
ChangeLog:
- http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog
Advisory details:
- ID: SUSE-SU-2017:1067-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2017/suse-su-20171067-1/
- Published: 2017-04-20T06:35:59
- Modified: 2017-04-20T06:35:59
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories:
- ALAS-2015-529
- ALAS-2015-530
- ALAS-2015-531
- ALAS-2015-532
- ALAS-2015-533
- ALAS-2015-547
- ALAS-2015-548
- ALAS-2015-549
- ALAS-2016-632
- DSA-3157-1
- DSA-3245-1
- DSA-3246-1
- DSA-3247-1
- ELSA-2014-1912
- FEDORA-2014-14096
- FEDORA-2015-12501
- FEDORA-2015-12574
- FEDORA-2015-13157
- FEDORA-2015-6238
- FEDORA-2015-6377
- FEDORA-2015-c4409eb73a
- FEDORA-2015-eef21b972e
- FREEBSD:3B50881D-1860-4721-AAB1-503290E23F6C
- FREEBSD:A0089E18-FC9E-11E4-BC58-001E67150279
- FREEBSD:D4379F59-3E9B-49EB-933B-61DE4D0B0FDB
- RHSA-2014:1912
- RUBYSEC:RUBYGEMS-UPDATE-2015-3900
- SUSE-SU-2015:1889-1
- SUSE-SU-2017:0914-1
- SUSE-SU-2017:0948-1
- SUSE-SU-2020:1570-1
- USN-2397-1
- USN-3365-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/ruby2.1?arch=x86_64&distro=sles-12&sp=2 | suse | ruby2.1 | < 2.1.9-15.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/ruby2.1?arch=x86_64&distro=sles-12&sp=1 | suse | ruby2.1 | < 2.1.9-15.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/ruby2.1?arch=x86_64&distro=sled-12&sp=2 | suse | ruby2.1 | < 2.1.9-15.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/ruby2.1?arch=x86_64&distro=sled-12&sp=1 | suse | ruby2.1 | < 2.1.9-15.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/ruby2.1?arch=s390x&distro=sles-12&sp=2 | suse | ruby2.1 | < 2.1.9-15.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/ruby2.1?arch=s390x&distro=sles-12&sp=1 | suse | ruby2.1 | < 2.1.9-15.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/ruby2.1?arch=ppc64le&distro=sles-12&sp=2 | suse | ruby2.1 | < 2.1.9-15.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/ruby2.1?arch=ppc64le&distro=sles-12&sp=1 | suse | ruby2.1 | < 2.1.9-15.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/ruby2.1?arch=aarch64&distro=sles-12&sp=2 | suse | ruby2.1 | < 2.1.9-15.1 | sles-12 | aarch64 | |
Affected | pkg:rpm/suse/ruby2.1-stdlib?arch=x86_64&distro=sles-12&sp=2 | suse | ruby2.1-stdlib | < 2.1.9-15.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/ruby2.1-stdlib?arch=x86_64&distro=sles-12&sp=1 | suse | ruby2.1-stdlib | < 2.1.9-15.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/ruby2.1-stdlib?arch=x86_64&distro=sled-12&sp=2 | suse | ruby2.1-stdlib | < 2.1.9-15.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/ruby2.1-stdlib?arch=x86_64&distro=sled-12&sp=1 | suse | ruby2.1-stdlib | < 2.1.9-15.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/ruby2.1-stdlib?arch=s390x&distro=sles-12&sp=2 | suse | ruby2.1-stdlib | < 2.1.9-15.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/ruby2.1-stdlib?arch=s390x&distro=sles-12&sp=1 | suse | ruby2.1-stdlib | < 2.1.9-15.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/ruby2.1-stdlib?arch=ppc64le&distro=sles-12&sp=2 | suse | ruby2.1-stdlib | < 2.1.9-15.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/ruby2.1-stdlib?arch=ppc64le&distro=sles-12&sp=1 | suse | ruby2.1-stdlib | < 2.1.9-15.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/ruby2.1-stdlib?arch=aarch64&distro=sles-12&sp=2 | suse | ruby2.1-stdlib | < 2.1.9-15.1 | sles-12 | aarch64 | |
Affected | pkg:rpm/suse/libruby2_1-2_1?arch=x86_64&distro=sles-12&sp=2 | suse | libruby2_1-2_1 | < 2.1.9-15.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libruby2_1-2_1?arch=x86_64&distro=sles-12&sp=1 | suse | libruby2_1-2_1 | < 2.1.9-15.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libruby2_1-2_1?arch=x86_64&distro=sled-12&sp=2 | suse | libruby2_1-2_1 | < 2.1.9-15.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libruby2_1-2_1?arch=x86_64&distro=sled-12&sp=1 | suse | libruby2_1-2_1 | < 2.1.9-15.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libruby2_1-2_1?arch=s390x&distro=sles-12&sp=2 | suse | libruby2_1-2_1 | < 2.1.9-15.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/libruby2_1-2_1?arch=s390x&distro=sles-12&sp=1 | suse | libruby2_1-2_1 | < 2.1.9-15.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/libruby2_1-2_1?arch=ppc64le&distro=sles-12&sp=2 | suse | libruby2_1-2_1 | < 2.1.9-15.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/libruby2_1-2_1?arch=ppc64le&distro=sles-12&sp=1 | suse | libruby2_1-2_1 | < 2.1.9-15.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/libruby2_1-2_1?arch=aarch64&distro=sles-12&sp=2 | suse | libruby2_1-2_1 | < 2.1.9-15.1 | sles-12 | aarch64 | |