Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

SUSE: 2021:2034-1 Critical: Python 3.6 Buffer Overflow Resolution

suse
Calendar Grey April 20, 2017
Scroller Suse
Address various vulnerabilities associated with the ruby2.1 version on SUSE platforms. Implement necessary updates to strengthen the overall security posture.
An update that solves 5 vulnerabilities and has three fixes An update that solves 5 vulnerabilities and has three fixes An update that solves 5 vulnerabilities and has three fixes ...

Summary

This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877) Bugfixes: - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863) - Segmentation fault after pack & ioctl & unpack (bsc#909695)

References

#1014863 #1018808 #887877 #909695 #926974

#936032 #959495 #986630

Cross- CVE-2014-4975 CVE-2015-1855 CVE-2015-3900

CVE-2015-7551 CVE-2016-2339

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Desktop 12-SP2

SUSE Linux Enterprise Desktop 12-SP1

OpenStack Cloud Magnum Orchestration 7

https://www.suse.com/security/cve/CVE-2014-4975.html

https://www.suse.com/security/cve/CVE-2015-1855.html

https://www.suse.com/security/cve/CVE-2015-3900.html

https://www.suse.com/security/cve/CVE-2015-7551.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:1067-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.