What Are You Looking For?

Sign Up
SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:862-1
Container Tags        : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-17.7 , bci/ruby:latest
Container Release     : 17.7
Severity              : important
Type                  : security
References            : 1188160 1188161 1190375 1193035 1198441 CVE-2021-31799 CVE-2021-31810
                        CVE-2021-32066 CVE-2021-41817 CVE-2022-28739 
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1512-1
Released:    Tue May  3 16:11:28 2022
Summary:     Security update for ruby2.5
Type:        security
Severity:    important
References:  1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739
This update for ruby2.5 fixes the following issues:

- CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).
- CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).
- CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
- CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). 


The following package changes have been done:

- libruby2_5-2_5-2.5.9-150000.4.23.1 updated
- ruby2.5-devel-2.5.9-150000.4.23.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.23.1 updated
- ruby2.5-2.5.9-150000.4.23.1 updated

SUSE: 2022:862-1 bci/ruby Security Update

May 4, 2022
The container bci/ruby was updated

Summary

Advisory ID: SUSE-SU-2022:1512-1 Released: Tue May 3 16:11:28 2022 Summary: Security update for ruby2.5 Type: security Severity: important

References

References : 1188160 1188161 1190375 1193035 1198441 CVE-2021-31799 CVE-2021-31810

CVE-2021-32066 CVE-2021-41817 CVE-2022-28739

1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739

This update for ruby2.5 fixes the following issues:

- CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).

- CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).

- CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).

- CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).

- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375).

The following package changes have been done:

- libruby2_5-2_5-2.5.9-150000.4.23.1 updated

- ruby2.5-devel-2.5.9-150000.4.23.1 updated

- ruby2.5-stdlib-2.5.9-150000.4.23.1 updated

- ruby2.5-2.5.9-150000.4.23.1 updated

Severity
Container Advisory ID : SUSE-CU-2022:862-1
Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-17.7 , bci/ruby:latest
Container Release : 17.7
Severity : important
Type : security

Related News

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

Linux 6.6 Brings New Scheduler, File Sharing and Security

Nov 2, 2023

Ubuntu Linux 23.10 Is Adding an Important New Security Feature

Oct 11, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo