
SUSE: 2020:1570-1 Critical Update for ruby2.1 Security Vulnerability

June 9, 2020
An update that fixes 42 vulnerabilities is now available

Summary

This update for ruby2.1 fixes the following issues:

Security issues fixed:

- CVE-2015-9096: Fixed an SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command (bsc#1043983).
- CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265).
- CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755).
- CVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286).
- CVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286).
- CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system

References

#1043983 #1048072 #1055265 #1056286 #1056782

#1058754 #1058755 #1058757 #1062452 #1069607

#1069632 #1073002 #1078782 #1082007 #1082008

#1082009 #1082010 #1082011 #1082014 #1082058

#1087433 #1087434 #1087436 #1087437 #1087440

#1087441 #1112530 #1112532 #1130611 #1130617

#1130620 #1130622 #1130623 #1130627 #1152990

#1152992 #1152994 #1152995 #1171517 #1172275

Cross-References: CVE-2015-9096 CVE-2016-2339 CVE-2016-7798

CVE-2017-0898 CVE-2017-0899 CVE-2017-0900

CVE-2017-0901 CVE-2017-0902 CVE-2017-0903

CVE-2017-10784 CVE-2017-14033 CVE-2017-14064

CVE-2017-17405 CVE-2017-17742 CVE-2017-17790

CVE-2017-9228 CVE-2017-9229 CVE-2018-1000073

CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076

CVE-2018-10000...


Severity: important

Announcement ID: SUSE-SU-2020:1570-1
Rating: important
