Description
Security update for rubygem-excon
This update for rubygem-excon fixes the following issues:
- CVE-2019-16779: Fixed an information leak in the socket handling for persistent connections (bsc#1159342)
Package list
Image SLES12-SP5-Azure-Basic-On-Demand
ruby2.1-rubygem-excon-0.52.0-12.3.8
Image SLES12-SP5-Azure-Standard-On-Demand
ruby2.1-rubygem-excon-0.52.0-12.3.8
Image SLES12-SP5-EC2-ECS-On-Demand
ruby2.1-rubygem-excon-0.52.0-12.3.8
Image SLES12-SP5-EC2-On-Demand
ruby2.1-rubygem-excon-0.52.0-12.3.8
Image SLES12-SP5-GCE-On-Demand
ruby2.1-rubygem-excon-0.52.0-12.3.8
SUSE Linux Enterprise Module for Containers 12
ruby2.1-rubygem-excon-0.52.0-12.3.8
References
- Link for SUSE-SU-2020:2053-1
- E-Mail link for SUSE-SU-2020:2053-1
- SUSE Security Ratings
- SUSE Bug 1159342
- SUSE CVE CVE-2019-16779 page
Description
In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.
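The failure mode described above, reproduced as an added example on a local socket pair (this is not excon code and not taken from the advisory). ToyClient, scenario, the one-line request/response protocol and the paths are constructed for illustration. The reset_on_error behaviour shows a general mitigation, discarding a connection after an interrupted request, and is an assumption, since the advisory does not say how the fix is implemented.

```ruby
require "socket"

# Toy client that keeps one persistent connection (constructed for illustration; not excon code).
class ToyClient
  def initialize(reset_on_error:)
    @reset_on_error = reset_on_error
    connect
  end

  attr_reader :server_end

  def connect
    @sock, @server_end = UNIXSocket.pair
  end

  # Sends one request line, lets the block (playing the server) reply,
  # then waits up to `timeout` seconds for a one-line response.
  def get(path, timeout: 0.1)
    @sock.puts("GET #{path}")
    yield @server_end if block_given?
    unless IO.select([@sock], nil, nil, timeout)
      if @reset_on_error
        @sock.close # drop the connection so the late response has nowhere to land
        connect
      end
      return :timeout
    end
    @sock.gets.chomp
  end
end

# Request 1 times out, its response arrives late, then request 2 is sent.
def scenario(reset_on_error:)
  client = ToyClient.new(reset_on_error: reset_on_error)
  original = client.server_end
  first = client.get("/private") # server stays silent, so the client times out
  begin
    original.gets                     # server finally reads request 1 ...
    original.puts("body of /private") # ... and answers on the original connection
  rescue SystemCallError, IOError
    # the hardened client already closed its end, so the late write fails
  end
  second = client.get("/public") { |srv| srv.gets; srv.puts("body of /public") }
  [first, second]
end

if $PROGRAM_NAME == __FILE__
  p scenario(reset_on_error: false) # second request is answered with the first request's body
  p scenario(reset_on_error: true)  # second request is answered with its own body
end
```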
Affected products
Image SLES12-SP5-Azure-Basic-On-Demand:ruby2.1-rubygem-excon-0.52.0-12.3.8
Image SLES12-SP5-Azure-Standard-On-Demand:ruby2.1-rubygem-excon-0.52.0-12.3.8
Image SLES12-SP5-EC2-ECS-On-Demand:ruby2.1-rubygem-excon-0.52.0-12.3.8
Image SLES12-SP5-EC2-On-Demand:ruby2.1-rubygem-excon-0.52.0-12.3.8
References
- CVE-2019-16779
- SUSE Bug 1159342