SUSE: 2019:1804-1 Important: Ruby-Bundled Gems Fixes, Security Issues

July 10, 2019
A recent SUSE security patch addresses multiple vulnerabilities in ruby-bundled-gems-rpmhelper and ruby2.5, bolstering the integrity of the system.
An update that solves 21 vulnerabilities and has two fixes is now available.

Summary

This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:

Changes in ruby2.5:

Update to 2.5.5 and 2.5.4:

https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/
https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/

Security issues fixed:

- CVE-2019-8320: Delete directory using symlink when decompressing tar (bsc#1130627)
- CVE-2019-8321: Escape sequence injection vulnerability in verbose (bsc#1130623)
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner (bsc#1130622)
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling (bsc#1130620)
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution (bsc#1130617)

References

#1082007 #1082008 #1082009 #1082010 #1082011

#1082014 #1082058 #1087433 #1087434 #1087436

#1087437 #1087440 #1087441 #1112530 #1112532

#1130028 #1130611 #1130617 #1130620 #1130622

#1130623 #1130627 #1133790

Cross-References: CVE-2017-17742 CVE-2018-1000073 CVE-2018-1000074

CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077

CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395

CVE-2018-16396 CVE-2018-6914 CVE-2018-8777

CVE-2018-8778 CVE-2018-8779 CVE-2018-8780

CVE-2019-8320 CVE-2019-8321 CVE-2019-8322

CVE-2019-8323 CVE-2019-8324 CVE-2019-8325

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterpr...


Severity
important

Announcement ID: SUSE-SU-2019:1804-1
Rating: important
