openSUSE Leap 15.1 Advisory: 2019:1771-1 Important: ruby2.5 Security Fixes
opensuse
July 21, 2019
An update that solves 21 vulnerabilities and has two fixes is now available.
Description
This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the
following issues:
Changes in ruby2.5:
Update to 2.5.5 and 2.5.4:
https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/
https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/
Security issues fixed:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
(bsc#1130627)
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
(bsc#1130623)
- CVE-2019-8322: Escape sequence injection vulnerability in gem
owner (bsc#1130622)
- CVE-2019-8323: Escape sequence injection vulnerability in API response
handling (bsc#1130620)
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code
execution (bsc#1130617)
- CVE-2019-8325: Escape sequence injection vulnerability in errors (bsc#1130611)
Ruby 2.5 was updated to 2.5.3:
This release includes some bug fixes and some security fixes.
...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1771=1
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1771=1
Package List
- openSUSE Leap 15.1 (noarch):
ruby-bundled-gems-rpmhelper-0.0.2-lp151.2.1
ruby2.5-doc-ri-2.5.5-lp151.4.3.1
- openSUSE Leap 15.1 (x86_64):
libruby2_5-2_5-2.5.5-lp151.4.3.1
libruby2_5-2_5-debuginfo-2.5.5-lp151.4.3.1
ruby2.5-2.5.5-lp151.4.3.1
ruby2.5-debuginfo-2.5.5-lp151.4.3.1
ruby2.5-debugsource-2.5.5-lp151.4.3.1
ruby2.5-devel-2.5.5-lp151.4.3.1
ruby2.5-devel-extra-2.5.5-lp151.4.3.1
ruby2.5-doc-2.5.5-lp151.4.3.1
ruby2.5-stdlib-2.5.5-lp151.4.3.1
ruby2.5-stdlib-debuginfo-2.5.5-lp151.4.3.1
- openSUSE Leap 15.0 (noarch):
ruby-bundled-gems-rpmhelper-0.0.2-lp150.2.1
ruby2.5-doc-ri-2.5.5-lp150.3.3.1
- openSUSE Leap 15.0 (x86_64):
libruby2_5-2_5-2.5.5-lp150.3.3.1
libruby2_5-2_5-debuginfo-2.5.5-lp150.3.3.1
ruby2.5-2.5.5-lp150.3.3.1
ruby2.5-debuginfo-2.5.5-lp150.3.3.1
ruby2.5-debugsource-2.5.5-lp150.3.3.1
ruby2.5-devel-2.5.5-lp150.3.3.1
ruby2.5-devel-extra-2.5.5-lp150.3.3.1
ruby2.5-doc-2.5.5-lp150.3.3.1
ruby2.5-stdlib-2.5.5-lp150.3.3.1
ruby2.5-stdlib-debuginfo-2.5.5-lp150.3.3.1
References
https://www.suse.com/security/cve/CVE-2017-17742.html
https://www.suse.com/security/cve/CVE-2018-1000073.html
https://www.suse.com/security/cve/CVE-2018-1000074.html
https://www.suse.com/security/cve/CVE-2018-1000075.html
https://www.suse.com/security/cve/CVE-2018-1000076.html
https://www.suse.com/security/cve/CVE-2018-1000077.html
https://www.suse.com/security/cve/CVE-2018-1000078.html
https://www.suse.com/security/cve/CVE-2018-1000079.html
https://www.suse.com/security/cve/CVE-2018-16395.html
https://www.suse.com/security/cve/CVE-2018-16396.html
https://www.suse.com/security/cve/CVE-2018-6914.html
https://www.suse.com/security/cve/CVE-2018-8777.html
https://www.suse.com/security/cve/CVE-2018-8778.html
https://www.suse.com/security/cve/CVE-2018-8779.html
https://www.suse.com/security/cve/CVE-2018-8780.html
https://www.suse.com/security/cve/CVE-2019-8320.html
https://www.suse.com/security/cve/CVE-2019-8321.html
https://www.suse.com/security/cve/CVE-2019-8322.html
https://www.suse.com/security/cve/CVE-20...
Read the Full Advisory
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2019:1771-1
Rating: important
Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 le.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!