SUSE-SU-2022:3212-1

Опубликовано: 08 сент. 2022

Источник: suse-cvrf

Описание

Security update for rubygem-rake

This update for rubygem-rake fixes the following issues:

CVE-2020-8130: Fixed a command injection when supplying a filename that began with the pipe character (bsc#1164804).

Список пакетов

SUSE Linux Enterprise Module for Containers 12

ruby2.1-rubygem-rake-10.3.2-9.7.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223212-1/
Link for SUSE-SU-2022:3212-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012195.html
E-Mail link for SUSE-SU-2022:3212-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1164804
SUSE Bug 1164804
https://www.suse.com/security/cve/CVE-2020-8130/
SUSE CVE CVE-2020-8130 page

Описание

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

Затронутые продукты

SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-rake-10.3.2-9.7.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8130.html
CVE-2020-8130
https://bugzilla.suse.com/1164804
SUSE Bug 1164804

SUSE-SU-2022:3212-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Containers 12

Ссылки

Уязвимость: CVE-2020-8130

Описание

Затронутые продукты

Ссылки