exploitDog

SUSE-SU-2021:3837-1

Published: 01 Dec 2021
Source: suse-cvrf

Description

Security update for ruby2.1

This update for ruby2.1 fixes the following issues:

  • CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125).
  • CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375).
  • CVE-2021-31810: Fixed Net::FTP trusting the address in FTP PASV responses (bsc#1188161).
  • CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net::IMAP (bsc#1188160).

Package list

HPE Helion OpenStack 8
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-Azure-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-EC2-HVM-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-GCE-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-SAP-Azure
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-SAP-Azure-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-SAP-EC2-HVM
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-SAP-GCE
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-SAP-GCE-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-Azure-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-Azure-Basic-On-Demand
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-Azure-HPC-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-Azure-HPC-On-Demand
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-Azure-SAP-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-Azure-SAP-On-Demand
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-Azure-Standard-On-Demand
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-EC2-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-EC2-ECS-On-Demand
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-EC2-On-Demand
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-EC2-SAP-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-EC2-SAP-On-Demand
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-GCE-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-GCE-On-Demand
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-GCE-SAP-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-GCE-SAP-On-Demand
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-OCI-BYOS-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE Linux Enterprise Server 12 SP2-BCL
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE Linux Enterprise Server 12 SP3-BCL
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE Linux Enterprise Server 12 SP5
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE Linux Enterprise Software Development Kit 12 SP5
ruby2.1-devel-2.1.9-19.6.1
SUSE OpenStack Cloud 8
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE OpenStack Cloud 9
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE OpenStack Cloud Crowbar 8
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1
SUSE OpenStack Cloud Crowbar 9
libruby2_1-2_1-2.1.9-19.6.1
ruby2.1-2.1.9-19.6.1
ruby2.1-stdlib-2.1.9-19.6.1

Description (CVE-2020-25613)

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
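The smuggling precondition described above is a front end and a back end disagreeing about how a request body is delimited. The following is an added example, not WEBrick's own code or part of the SUSE advisory: it puts a loose "contains chunked" check next to a strict "exactly chunked" check, refuses the ambiguous Transfer-Encoding plus Content-Length combination, and decodes a constructed chunked body so the check can be exercised end to end. The header set and body are constructed for the example.

```ruby
# Added example, not WEBrick's own code: the difference between a loose
# Transfer-Encoding check and a strict one, and why the loose one matters
# for request smuggling. The request headers and body below are constructed.

require "strscan"

# Loose check in the spirit of the pre-fix behaviour: any header value that
# merely *contains* "chunked" is treated as chunked.
def loose_chunked?(te)
  !!(te && te =~ /chunked/i)
end

# Strict check: the value must be exactly "chunked" (case-insensitive),
# with no extra codings or junk around it.
def strict_chunked?(te)
  !!(te && te =~ /\Achunked\z/i)
end

# Decide how the message body is delimited. Returns :chunked,
# :content_length or :none; raises ArgumentError for unsupported or
# ambiguous framing. A front end that honours Content-Length and a back end
# that accepts "xchunked" as chunked will disagree about where one request
# ends and the next begins, which is the smuggling precondition.
def body_framing(headers, strict: true)
  te = headers["transfer-encoding"]
  cl = headers["content-length"]
  if te
    chunked = strict ? strict_chunked?(te) : loose_chunked?(te)
    raise ArgumentError, "unsupported Transfer-Encoding: #{te.inspect}" unless chunked
    # RFC 7230 section 3.3.3: a hardened server refuses a message carrying
    # both headers instead of guessing which one the proxy honoured.
    raise ArgumentError, "Transfer-Encoding together with Content-Length" if strict && cl
    :chunked
  elsif cl
    raise ArgumentError, "bad Content-Length: #{cl.inspect}" unless cl =~ /\A\d+\z/
    :content_length
  else
    :none
  end
end

# Minimal chunked-body decoder so the example runs end to end.
# Returns the decoded bytes; raises ArgumentError on malformed input.
def decode_chunked(body)
  s = StringScanner.new(body)
  out = +""
  loop do
    line = s.scan_until(/\r\n/) or raise ArgumentError, "missing chunk-size line"
    size_hex = line.chomp.sub(/;.*/, "").strip      # drop chunk extensions
    raise ArgumentError, "bad chunk size #{size_hex.inspect}" unless size_hex =~ /\A[0-9a-fA-F]+\z/
    size = size_hex.to_i(16)
    break if size.zero?
    data = s.peek(size)
    raise ArgumentError, "truncated chunk" if data.bytesize < size
    out << data
    s.pos += size
    s.skip(/\r\n/) or raise ArgumentError, "chunk data not followed by CRLF"
  end
  out
end

# Constructed header set of the kind used in a smuggling attempt: a proxy
# that trusts Content-Length reads 6 bytes, while a loosely-checking back
# end treats the body as chunked and keeps reading.
SMUGGLING_HEADERS = {
  "content-length"    => "6",
  "transfer-encoding" => "xchunked",
}.freeze
```

With `strict: true` the constructed header set is rejected outright; with `strict: false` it is silently accepted as chunked, which is the disagreement an attacker needs. Rejecting the dual-header case is deliberately stricter than "prefer Transfer-Encoding", because the server cannot know which rule the proxy in front of it applied.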


Affected products
HPE Helion OpenStack 8:libruby2_1-2_1-2.1.9-19.6.1
HPE Helion OpenStack 8:ruby2.1-2.1.9-19.6.1
HPE Helion OpenStack 8:ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-Azure-BYOS:libruby2_1-2_1-2.1.9-19.6.1


Description (CVE-2021-31799)

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
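The pipe character matters because Ruby's Kernel#open treats a string that begins with "|" as a command to run rather than a path to read, so code that opens repository file names with Kernel#open can be made to execute a file's name. The following is an added example, not RDoc's code or part of the SUSE advisory: it shows the unsafe shape as a comment only, a name check that refuses pipe-prefixed and URI-like names, and a File.open-based reader, and it confirms that File.open looks a pipe-prefixed name up as a literal path. The temp file and the bad name are constructed for the example.

```ruby
# Added example, not RDoc's own code: the Kernel#open pitfall behind this
# class of bug and a File.open-based replacement with a name check.
#
# Kernel#open treats a string beginning with "|" as a command to run in a
# subprocess, so a tool that does `open(name) { |f| f.read }` on file names
# taken from a checked-out repository can be made to execute commands by a
# file whose *name* starts with "|". File.open has no such behaviour: it
# only ever opens a path.

require "tempfile"

# The unsafe shape, shown but deliberately never called here:
#   def read_source_unsafe(name)
#     open(name) { |f| f.read }   # a name of "|cmd" runs cmd
#   end

# Reject names that Kernel#open or URI.open would interpret specially.
def safe_source_name?(name)
  return false if name.nil? || name.empty?
  return false if name.start_with?("|")                         # pipe prefix: command execution
  return false if name.include?("\0")                           # NUL never belongs in a path
  return false if name.match?(/\A[a-z][a-z0-9+.\-]*:\/\//i)     # looks like a URI
  true
end

# Hardened reader: validate the name, then open strictly as a file.
def read_source(name)
  raise ArgumentError, "refusing suspicious file name #{name.inspect}" unless safe_source_name?(name)
  File.open(name, "rb") { |f| f.read }
end

# Even without the name check, File.open never spawns anything: a pipe-
# prefixed name is looked up as a literal path and fails with a filesystem
# error instead of running a command.
def file_open_is_literal?(name = "|echo this would have run under Kernel#open")
  File.open(name, "rb") { |f| f.read }
  false
rescue SystemCallError
  true
end

# Constructed demonstration on a real temp file plus a pipe-prefixed name.
# Returns [contents read from the temp file, whether the bad name was refused].
def demo
  Tempfile.create("rdoc_example") do |tmp|
    tmp.write("# plain source\n")
    tmp.flush
    good = read_source(tmp.path)
    refused = begin
      read_source("|echo this would have run")
      false
    rescue ArgumentError
      true
    end
    [good, refused]
  end
end
```

The name check is defence in depth: File.open alone already removes the command-execution path, but rejecting pipe-prefixed and URI-like names up front keeps the behaviour correct even if some later caller reintroduces Kernel#open or URI.open.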


Affected products
HPE Helion OpenStack 8:libruby2_1-2_1-2.1.9-19.6.1
HPE Helion OpenStack 8:ruby2.1-2.1.9-19.6.1
HPE Helion OpenStack 8:ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-Azure-BYOS:libruby2_1-2_1-2.1.9-19.6.1


Description (CVE-2021-31810)

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially lets the attacker use the Net::FTP client to extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions against hosts reachable from the client).
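The fix shipped upstream keeps the data connection pointed at the host the control connection already talks to, and only trusts the address in the PASV reply if the caller opts in. The following is an added example, not Net::FTP's code or part of the SUSE advisory, that parses a 227 reply and applies that rule; the `use_pasv_ip` keyword mirrors the name of the upstream opt-in, and both replies are constructed.

```ruby
# Added example, not Net::FTP's own code: parsing a PASV reply and deciding
# which address the data connection may go to. The client keeps talking to
# the host it opened the control connection to unless the caller explicitly
# opts in to trusting the server-supplied address.

PASV_RE = /\(\s*(\d{1,3}),\s*(\d{1,3}),\s*(\d{1,3}),\s*(\d{1,3}),\s*(\d{1,3}),\s*(\d{1,3})\s*\)/

# Returns [ip, port] from a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
# reply, or raises ArgumentError on anything else.
def parse_pasv(reply)
  raise ArgumentError, "not a 227 reply: #{reply.inspect}" unless reply.start_with?("227")
  m = PASV_RE.match(reply) or raise ArgumentError, "malformed PASV reply: #{reply.inspect}"
  octets = m.captures.map(&:to_i)
  raise ArgumentError, "octet out of range" if octets.any? { |o| o > 255 }
  ip   = octets[0, 4].join(".")
  port = octets[4] * 256 + octets[5]
  raise ArgumentError, "port out of range" if port.zero?
  [ip, port]
end

# Decide the data-connection target.
#   control_host: the host the client connected to for the control channel.
#   use_pasv_ip:  opt in to trusting the server-supplied address (the old,
#                 vulnerable default behaviour).
def data_connection_target(reply, control_host, use_pasv_ip: false)
  ip, port = parse_pasv(reply)
  host = use_pasv_ip ? ip : control_host
  [host, port]
end

# Constructed replies: one honest, one pointing the client at an internal
# host and port it would otherwise never reach.
HONEST_REPLY    = "227 Entering Passive Mode (203,0,113,10,195,80)".freeze
MALICIOUS_REPLY = "227 Entering Passive Mode (10,0,0,5,0,22)".freeze
```

Note what this does and does not protect: the server still chooses the port, so a malicious server can make the client connect to an arbitrary port on the FTP server itself. What it removes is the ability to redirect the data connection to a different host, which is the port-scanning and banner-grabbing primitive described above.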


Affected products
HPE Helion OpenStack 8:libruby2_1-2_1-2.1.9-19.6.1
HPE Helion OpenStack 8:ruby2.1-2.1.9-19.6.1
HPE Helion OpenStack 8:ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-Azure-BYOS:libruby2_1-2_1-2.1.9-19.6.1


Description (CVE-2021-32066)

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the server to block the StartTLS command, aka a "StartTLS stripping attack."
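The failure mode is a client that sends STARTTLS, gets back something other than a tagged OK, and carries on in plaintext instead of aborting. The following is an added example, not Net::IMAP's code or part of the SUSE advisory: it parses a tagged IMAP response and contrasts a handler that falls through to plaintext on an unrecognised status with one that refuses to continue unless the server explicitly accepted. The tag and response lines are constructed.

```ruby
# Added example, not Net::IMAP's own code: handling the tagged response to
# STARTTLS. The vulnerable shape proceeds in plaintext when the response is
# not one it recognises; the hardened shape raises unless the server sent a
# matching tagged OK.

class StartTlsRejected < StandardError; end

# Parse one tagged IMAP response line such as
# "RUBY0001 OK Begin TLS negotiation now". Returns a Hash with :tag,
# :status (the response name as sent) and :text.
def parse_tagged(line)
  m = /\A(\S+) (\S+)(?: (.*))?\z/.match(line.chomp)
  raise ArgumentError, "not a tagged response: #{line.inspect}" unless m
  { tag: m[1], status: m[2], text: m[3] || "" }
end

# Vulnerable shape: OK upgrades, NO/BAD raise, but any other status falls
# through and the session silently stays unencrypted.
def starttls_vulnerable(tag, line)
  r = parse_tagged(line)
  case r[:status]
  when "OK"        then :tls
  when "NO", "BAD" then raise StartTlsRejected, "server refused STARTTLS: #{r[:text]}"
  else                  :plaintext   # the bug: unknown response, keep going in the clear
  end
end

# Hardened shape: anything but a matching tagged OK aborts the session.
def starttls_hardened(tag, line)
  r = parse_tagged(line)
  raise StartTlsRejected, "tag mismatch: expected #{tag}, got #{r[:tag]}" unless r[:tag] == tag
  raise StartTlsRejected, "server did not accept STARTTLS: #{r[:status]} #{r[:text]}" unless r[:status] == "OK"
  :tls
end

# Constructed responses. An attacker who blocks STARTTLS on the wire can
# answer with whatever line they like; the unknown-status one is the case
# the vulnerable handler gets wrong.
OK_RESPONSE      = "RUBY0001 OK Begin TLS negotiation now\r\n".freeze
BAD_RESPONSE     = "RUBY0001 BAD Unknown command\r\n".freeze
UNKNOWN_RESPONSE = "RUBY0001 BYE TLS not available\r\n".freeze
```

The useful check from the client side is the positive one: treat only a tagged OK for the STARTTLS command as permission to start the TLS handshake, and treat every other outcome, including a tag mismatch or an unparseable line, as a reason to close the connection rather than to fall back.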


Affected products
HPE Helion OpenStack 8:libruby2_1-2_1-2.1.9-19.6.1
HPE Helion OpenStack 8:ruby2.1-2.1.9-19.6.1
HPE Helion OpenStack 8:ruby2.1-stdlib-2.1.9-19.6.1
Image SLES12-SP4-Azure-BYOS:libruby2_1-2_1-2.1.9-19.6.1
