OPENSUSE-SU-2020:0395-1
Vulnerability Summary
Timeline
Description
Recommended update for ruby2.5 This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•ruby2.5&distro=openSUSE Leap 15.1
< 2.5.7-lp151.4.6.1
References (15)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZJAMCVFC2KL342QI4W5HGYIZXTNBURQT/
- https://bugzilla.suse.com/1140844
- https://bugzilla.suse.com/1152990
- https://bugzilla.suse.com/1152992
- https://bugzilla.suse.com/1152994
- https://bugzilla.suse.com/1152995
- https://bugzilla.suse.com/1162396
- https://bugzilla.suse.com/1164804
- https://www.suse.com/security/cve/CVE-2012-6708
- https://www.suse.com/security/cve/CVE-2015-9251
- https://www.suse.com/security/cve/CVE-2019-15845
- https://www.suse.com/security/cve/CVE-2019-16201
- https://www.suse.com/security/cve/CVE-2019-16254
- https://www.suse.com/security/cve/CVE-2019-16255
- https://www.suse.com/security/cve/CVE-2020-8130