[SUSE-SU-2020:0737-1] Recommended update for ruby2.5
Severity
Important
Affected Packages
20
CVEs
7
Recommended update for ruby2.5
This update for ruby2.5 toversion 2.5.7 fixes the following issues:
ruby 2.5 was updated to version 2.5.7
- CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804).
- CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990).
- CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992).
- CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994).
- CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995).
- CVE-2012-6708: Fixed an XSS in JQuery
- CVE-2015-9251: Fixed an XSS in JQuery
- Fixed unit tests (bsc#1140844)
- Removed some unneeded test files (bsc#1162396).
- ID
- SUSE-SU-2020:0737-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2020/suse-su-20200737-1/
- Published
-
2020-03-20T12:47:31
(4 years ago) - Modified
-
2020-03-20T12:47:31
(4 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2020-1384
-
ALAS-2020-1385
-
ALAS-2020-1422
-
ALAS2-2020-1519
-
ALAS2-2024-2486
-
ALPINE:CVE-2012-6708
-
ALPINE:CVE-2015-9251
-
ALPINE:CVE-2019-15845
-
ALPINE:CVE-2019-16201
-
ALPINE:CVE-2019-16254
-
ALPINE:CVE-2019-16255
-
ALSA-2020:4670
-
ALSA-2020:4847
-
ALSA-2021:2587
-
ALSA-2021:2588
-
ASA-201910-2
-
ASA-201910-4
-
DSA-4586-1
-
DSA-4587-1
-
ELSA-2020-3936
-
ELSA-2021-2587
-
ELSA-2021-2588
-
FEDORA-2020-28e06b5f08
-
FEDORA-2020-dc1ae17bb5
-
FREEBSD:416CA0F4-3FE0-11E9-BBDD-6805CA0B3D42
-
FREEBSD:ED8D5535-CA78-11E9-980B-999FF59C22EA
-
FREEBSD:F7FCB75C-E537-11E9-863E-B9B7AF01BA9E
-
GLSA-202003-06
-
MAVEN:GHSA-2PQJ-H3VJ-PQGW
-
MAVEN:GHSA-RMXG-73GG-4P98
-
MS:CVE-2019-15845
-
MS:CVE-2019-16201
-
MS:CVE-2019-16254
-
MS:CVE-2019-16255
-
NPM:GHSA-2PQJ-H3VJ-PQGW
-
NPM:GHSA-RMXG-73GG-4P98
-
openSUSE-SU-2020:0395-1
-
RHSA-2020:3936
-
RHSA-2020:4670
-
RHSA-2020:4847
-
RHSA-2021:2587
-
RHSA-2021:2588
-
RLSA-2020:4670
-
RLSA-2020:4847
-
RLSA-2021:2587
-
RLSA-2021:2588
-
RUBYSEC:JQUERY-RAILS-2012-6708
-
RUBYSEC:JQUERY-RAILS-2015-9251
-
RUBYSEC:PUMA-2020-5247
-
RUBYSEC:RAKE-2020-8130
-
SUSE-SU-2020:1570-1
-
SUSE-SU-2022:3212-1
-
USN-4201-1
-
USN-4295-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/ruby2.5?arch=x86_64&distro=sles-15 | suse |
 ruby2.5
|
< 2.5.7-4.8.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/ruby2.5?arch=s390x&distro=sles-15 | suse |
ruby2.5
|
< 2.5.7-4.8.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/ruby2.5?arch=ppc64le&distro=sles-15 | suse |
ruby2.5
|
< 2.5.7-4.8.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/ruby2.5?arch=aarch64&distro=sles-15 | suse |
ruby2.5
|
< 2.5.7-4.8.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/ruby2.5-stdlib?arch=x86_64&distro=sles-15 | suse |
ruby2.5-stdlib
|
< 2.5.7-4.8.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/ruby2.5-stdlib?arch=s390x&distro=sles-15 | suse |
ruby2.5-stdlib
|
< 2.5.7-4.8.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/ruby2.5-stdlib?arch=ppc64le&distro=sles-15 | suse |
ruby2.5-stdlib
|
< 2.5.7-4.8.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/ruby2.5-stdlib?arch=aarch64&distro=sles-15 | suse |
ruby2.5-stdlib
|
< 2.5.7-4.8.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/ruby2.5-devel?arch=x86_64&distro=sles-15 | suse |
ruby2.5-devel
|
< 2.5.7-4.8.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/ruby2.5-devel?arch=s390x&distro=sles-15 | suse |
ruby2.5-devel
|
< 2.5.7-4.8.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/ruby2.5-devel?arch=ppc64le&distro=sles-15 | suse |
ruby2.5-devel
|
< 2.5.7-4.8.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/ruby2.5-devel?arch=aarch64&distro=sles-15 | suse |
ruby2.5-devel
|
< 2.5.7-4.8.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/ruby2.5-devel-extra?arch=x86_64&distro=sles-15 | suse |
ruby2.5-devel-extra
|
< 2.5.7-4.8.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/ruby2.5-devel-extra?arch=s390x&distro=sles-15 | suse |
ruby2.5-devel-extra
|
< 2.5.7-4.8.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/ruby2.5-devel-extra?arch=ppc64le&distro=sles-15 | suse |
ruby2.5-devel-extra
|
< 2.5.7-4.8.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/ruby2.5-devel-extra?arch=aarch64&distro=sles-15 | suse |
ruby2.5-devel-extra
|
< 2.5.7-4.8.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/libruby2_5-2_5?arch=x86_64&distro=sles-15 | suse |
libruby2_5-2_5
|
< 2.5.7-4.8.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/libruby2_5-2_5?arch=s390x&distro=sles-15 | suse |
libruby2_5-2_5
|
< 2.5.7-4.8.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/libruby2_5-2_5?arch=ppc64le&distro=sles-15 | suse |
libruby2_5-2_5
|
< 2.5.7-4.8.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/libruby2_5-2_5?arch=aarch64&distro=sles-15 | suse |
libruby2_5-2_5
|
< 2.5.7-4.8.1 | sles-15 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |