CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2: 8.8 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
EPSS: 0.022 Low
Percentile: 88.2%
An update that solves 21 vulnerabilities and has two fixes
is now available.
Description:
This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the
following issues:
Changes in ruby2.5:
Update to 2.5.5 and 2.5.4:
https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/
https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/
Security issues fixed:
Ruby 2.5 was updated to 2.5.3:
This release includes some bug fixes and some security fixes.
Security issues fixed:
Ruby 2.5 was updated to 2.5.1:
This release includes some bug fixes and some security fixes.
Security issues fixed:
CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441)
CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)
CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440)
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437)
Multiple vulnerabilities in RubyGems were fixed:
Other changes:
Changes in ruby-bundled-gems-rpmhelper:
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-1771=1
openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1771=1
OS | Version | Architecture |
---|---|---|
openSUSE Leap | 15.1 | noarch |
openSUSE Leap | 15.1 | x86_64 |
openSUSE Leap | 15.0 | noarch |
openSUSE Leap | 15.0 | x86_64 |