SUSE-SU-2022:3259-1

Опубликовано: 12 сент. 2022

Источник: suse-cvrf

Описание

Security update for rubygem-kramdown

This update for rubygem-kramdown fixes the following issues:

CVE-2020-14001: Fixed processing template options inside documents allowing unintended read access or embedded Ruby code execution (bsc#1174297).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-BYOS-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-BYOS-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-EC2-HVM

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP3-SAP-BYOS-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP3-SAP-BYOS-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-BYOS-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-BYOS-EC2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-BYOS-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Hardened

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-EC2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Azure-3P

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-BYOS-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-BYOS-EC2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-BYOS-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-EC2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-BYOS-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-BYOS-EC2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-BYOS-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Hardened

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-EC2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-GCE

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

SUSE Linux Enterprise High Availability Extension 15

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

SUSE Linux Enterprise High Availability Extension 15 SP1

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

SUSE Linux Enterprise High Availability Extension 15 SP2

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

SUSE Linux Enterprise High Availability Extension 15 SP3

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

SUSE Linux Enterprise High Availability Extension 15 SP4

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

openSUSE Leap 15.3

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

ruby2.5-rubygem-kramdown-doc-1.15.0-150000.3.3.1

ruby2.5-rubygem-kramdown-testsuite-1.15.0-150000.3.3.1

openSUSE Leap 15.4

ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

ruby2.5-rubygem-kramdown-doc-1.15.0-150000.3.3.1

ruby2.5-rubygem-kramdown-testsuite-1.15.0-150000.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223259-1/
Link for SUSE-SU-2022:3259-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012214.html
E-Mail link for SUSE-SU-2022:3259-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1174297
SUSE Bug 1174297
https://www.suse.com/security/cve/CVE-2020-14001/
SUSE CVE CVE-2020-14001 page

Описание

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.

Затронутые продукты

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-14001.html
CVE-2020-14001
https://bugzilla.suse.com/1174297
SUSE Bug 1174297

SUSE-SU-2022:3259-1

Описание

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-EC2-HVM

Image SLES15-SP3-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Azure-LI-BYOS

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

Image SLES15-SP4-SAP-Azure-VLI-BYOS

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP4-SAP-BYOS

Image SLES15-SP4-SAP-BYOS-Azure

Image SLES15-SP4-SAP-BYOS-EC2

Image SLES15-SP4-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Hardened

Image SLES15-SP4-SAP-Hardened-Azure

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

Image SLES15-SP4-SAP-Hardened-EC2

Image SLES15-SP4-SAP-Hardened-GCE

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-Azure-LI-BYOS

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

Image SLES15-SP5-SAP-Azure-VLI-BYOS

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP5-SAP-BYOS-Azure

Image SLES15-SP5-SAP-BYOS-EC2

Image SLES15-SP5-SAP-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-EC2

Image SLES15-SP5-SAP-Hardened-GCE

Image SLES15-SP6-SAP-Azure-LI-BYOS

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

Image SLES15-SP6-SAP-Azure-VLI-BYOS

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP6-SAP-BYOS

Image SLES15-SP6-SAP-BYOS-Azure

Image SLES15-SP6-SAP-BYOS-EC2

Image SLES15-SP6-SAP-BYOS-GCE

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-Azure

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP6-SAP-Hardened-GCE

SUSE Linux Enterprise High Availability Extension 15

SUSE Linux Enterprise High Availability Extension 15 SP1

SUSE Linux Enterprise High Availability Extension 15 SP2

SUSE Linux Enterprise High Availability Extension 15 SP3

SUSE Linux Enterprise High Availability Extension 15 SP4

openSUSE Leap 15.3

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2020-14001

Описание

Затронутые продукты

Ссылки