Description
Security update for rubygem-activejob-5_1
This update for rubygem-activejob-5_1 fixes the following issues:
Security issue fixed:
- CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632).
Package list
SUSE Linux Enterprise High Availability Extension 15
ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1
References
- Link for SUSE-SU-2018:3996-1
- E-Mail link for SUSE-SU-2018:3996-1
- SUSE Security Ratings
- SUSE Bug 1117632
- SUSE CVE CVE-2018-16476 page
Description
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
Affected products
SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1
References
- CVE-2018-16476
- SUSE Bug 1117632
- SUSE Bug 1129268