Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:1512-1 Important: Ruby2.5 Buffer Overflow and DoS

suse
Calendar Grey May 3, 2022
Dist Suse Esm H88
Addressing several security flaws in ruby2.5 for SUSE, this advisory includes detailed patch implementation guidance alongside assessed severity levels for each vulnerability.
An update that fixes 5 vulnerabilities is now available

Summary

This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1512=1 - openSUSE Leap 15.3:

Topics%20covered

Topics Covered

security advisory buffer overflow patch important suse dos ruby2.5

References

#1188160 #1188161 #1190375 #1193035 #1198441

Cross- CVE-2021-31799 CVE-2021-31810 CVE-2021-32066

CVE-2021-41817 CVE-2022-28739

CVSS scores:

CVE-2021-31799 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-31799 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-31810 (NVD) : 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CVE-2021-31810 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2021-32066 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2021-32066 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2021-41817 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-28739 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1512-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow patch important suse dos ruby2.5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here