Описание
Security update for rubygem-rack
This update for rubygem-rack fixes the following issues:
- CVE-2020-8184: Fixed vulnerability where percent-encoded cookies can be used to overwrite existing prefixed cookie names (bsc#1173351).
- CVE-2020-8161: Fixed directory traversal in Rack:Directory (bsc#1172037).
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-EC2-HVM
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Hardened
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP4-SAP-Hardened-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Azure-3P
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP5-SAP-Hardened-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Hardened
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Hardened-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Hardened-BYOS
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Hardened-EC2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP6-SAP-Hardened-GCE
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP1
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP2
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP3
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP4
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
openSUSE Leap 15.3
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
ruby2.5-rubygem-rack-doc-2.0.8-150000.3.9.1
ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.9.1
openSUSE Leap 15.4
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
ruby2.5-rubygem-rack-doc-2.0.8-150000.3.9.1
ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.9.1
Ссылки
- Link for SUSE-SU-2022:3347-1
- E-Mail link for SUSE-SU-2022:3347-1
- SUSE Security Ratings
- SUSE Bug 1172037
- SUSE Bug 1173351
- SUSE CVE CVE-2020-8161 page
- SUSE CVE CVE-2020-8184 page
Описание
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Ссылки
- CVE-2020-8161
- SUSE Bug 1172037
Описание
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
Ссылки
- CVE-2020-8184
- SUSE Bug 1173351
- SUSE Bug 1177352
- SUSE Bug 1193081