Security update for ruby2.1
| Announcement ID: | SUSE-SU-2017:1067-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves five vulnerabilities and has three security fixes can now be installed.
Description:
This ruby2.1 update to version 2.1.9 fixes the following issues:
Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877)
Bugfixes: - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863) - Segmentation fault after pack & ioctl & unpack (bsc#909695) - Ruby:HTTP Header injection in 'net/http' (bsc#986630)
ChangeLog: - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Magnum Orchestration 7
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-624=1 -
SUSE Linux Enterprise Desktop 12 SP1
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-624=1 -
SUSE Linux Enterprise Desktop 12 SP2
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-624=1 -
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-624=1 -
SUSE Linux Enterprise Software Development Kit 12 SP1
zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-624=1 -
SUSE Linux Enterprise Software Development Kit 12 12-SP2
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-624=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-624=1 -
SUSE Linux Enterprise Server 12 SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-624=1 -
SUSE Linux Enterprise High Performance Computing 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-624=1 -
SUSE Linux Enterprise Server 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-624=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-624=1
Package List:
-
Magnum Orchestration 7 (x86_64)
- ruby2.1-stdlib-2.1.9-15.1
- ruby2.1-2.1.9-15.1
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
- ruby2.1-stdlib-debuginfo-2.1.9-15.1
- libruby2_1-2_1-2.1.9-15.1
- libruby2_1-2_1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
- ruby2.1-stdlib-2.1.9-15.1
- ruby2.1-2.1.9-15.1
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
- ruby2.1-stdlib-debuginfo-2.1.9-15.1
- libruby2_1-2_1-2.1.9-15.1
- libruby2_1-2_1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
- ruby2.1-stdlib-2.1.9-15.1
- ruby2.1-2.1.9-15.1
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
- ruby2.1-stdlib-debuginfo-2.1.9-15.1
- libruby2_1-2_1-2.1.9-15.1
- libruby2_1-2_1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
- ruby2.1-stdlib-2.1.9-15.1
- ruby2.1-2.1.9-15.1
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
- ruby2.1-stdlib-debuginfo-2.1.9-15.1
- libruby2_1-2_1-2.1.9-15.1
- libruby2_1-2_1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-devel-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-devel-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
- ruby2.1-stdlib-2.1.9-15.1
- ruby2.1-2.1.9-15.1
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
- ruby2.1-stdlib-debuginfo-2.1.9-15.1
- libruby2_1-2_1-2.1.9-15.1
- libruby2_1-2_1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
- ruby2.1-stdlib-2.1.9-15.1
- ruby2.1-2.1.9-15.1
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
- ruby2.1-stdlib-debuginfo-2.1.9-15.1
- libruby2_1-2_1-2.1.9-15.1
- libruby2_1-2_1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
- ruby2.1-stdlib-2.1.9-15.1
- ruby2.1-2.1.9-15.1
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
- ruby2.1-stdlib-debuginfo-2.1.9-15.1
- libruby2_1-2_1-2.1.9-15.1
- libruby2_1-2_1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
- ruby2.1-stdlib-2.1.9-15.1
- ruby2.1-2.1.9-15.1
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
- ruby2.1-stdlib-debuginfo-2.1.9-15.1
- libruby2_1-2_1-2.1.9-15.1
- libruby2_1-2_1-debuginfo-2.1.9-15.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
- ruby2.1-stdlib-2.1.9-15.1
- ruby2.1-2.1.9-15.1
- ruby2.1-debugsource-2.1.9-15.1
- ruby2.1-debuginfo-2.1.9-15.1
- ruby2.1-stdlib-debuginfo-2.1.9-15.1
- libruby2_1-2_1-2.1.9-15.1
- libruby2_1-2_1-debuginfo-2.1.9-15.1
References:
- https://www.suse.com/security/cve/CVE-2014-4975.html
- https://www.suse.com/security/cve/CVE-2015-1855.html
- https://www.suse.com/security/cve/CVE-2015-3900.html
- https://www.suse.com/security/cve/CVE-2015-7551.html
- https://www.suse.com/security/cve/CVE-2016-2339.html
- https://bugzilla.suse.com/show_bug.cgi?id=1014863
- https://bugzilla.suse.com/show_bug.cgi?id=1018808
- https://bugzilla.suse.com/show_bug.cgi?id=887877
- https://bugzilla.suse.com/show_bug.cgi?id=909695
- https://bugzilla.suse.com/show_bug.cgi?id=926974
- https://bugzilla.suse.com/show_bug.cgi?id=936032
- https://bugzilla.suse.com/show_bug.cgi?id=959495
- https://bugzilla.suse.com/show_bug.cgi?id=986630