SUSE-SU-2020:0737-1
Vulnerability Summary
Timeline
Description
Recommended update for ruby2.5 This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804). - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test (bsc#1152990). - CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992). - CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service of WEBrick Digest access authentication (bsc#1152995). - CVE-2012-6708: Fixed an XSS in JQuery - CVE-2015-9251: Fixed an XSS in JQuery - Fixed unit tests (bsc#1140844) - Removed some unneeded test files (bsc#1162396).
Affected Systems
- suse•ruby2.5&distro=SUSE Linux Enterprise High Performance Computing 15-ESPOS
< 2.5.7-4.8.1
- suse•ruby2.5&distro=SUSE Linux Enterprise High Performance Computing 15-LTSS
< 2.5.7-4.8.1
- suse•ruby2.5&distro=SUSE Linux Enterprise Module for Basesystem 15 SP1
< 2.5.7-4.8.1
- suse•ruby2.5&distro=SUSE Linux Enterprise Server 15-LTSS
< 2.5.7-4.8.1
- suse•ruby2.5&distro=SUSE Linux Enterprise Server for SAP Applications 15
< 2.5.7-4.8.1
References (15)
- https://www.suse.com/support/update/announcement/2020/suse-su-20200737-1/
- https://bugzilla.suse.com/1140844
- https://bugzilla.suse.com/1152990
- https://bugzilla.suse.com/1152992
- https://bugzilla.suse.com/1152994
- https://bugzilla.suse.com/1152995
- https://bugzilla.suse.com/1162396
- https://bugzilla.suse.com/1164804
- https://www.suse.com/security/cve/CVE-2012-6708
- https://www.suse.com/security/cve/CVE-2015-9251
- https://www.suse.com/security/cve/CVE-2019-15845
- https://www.suse.com/security/cve/CVE-2019-16201
- https://www.suse.com/security/cve/CVE-2019-16254
- https://www.suse.com/security/cve/CVE-2019-16255
- https://www.suse.com/security/cve/CVE-2020-8130