SUSE-SU-2022:4015-1

Published: 16 Nov 2022
Source: suse-cvrf

Description

Security update for rubygem-nokogiri

This update for rubygem-nokogiri fixes the following issues:

  • CVE-2022-24836: Fixes a possible DoS caused by an inefficient regular expression in HTML encoding detection. (bsc#1198408)
  • CVE-2022-29181: Fixes Improper Handling of Unexpected Data Types. (bsc#1199782)

Package list

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-Azure
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-BYOS-Azure
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-BYOS-GCE
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-EC2-HVM
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-GCE
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-BYOS-Azure
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-BYOS-EC2-HVM
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-BYOS-GCE
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-HPC-BYOS-Azure
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-HPC-BYOS-GCE
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-Azure
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-GCE
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-SAPCAL-Azure
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-SAPCAL-EC2-HVM
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP3-SAPCAL-GCE
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP1
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
SUSE Linux Enterprise High Availability Extension 15 SP2
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
openSUSE Leap 15.3
ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
ruby2.5-rubygem-nokogiri-doc-1.8.5-150000.3.9.1
ruby2.5-rubygem-nokogiri-testsuite-1.8.5-150000.3.9.1

Description

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.


Affected products
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1

References

Description

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
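The workaround described above, as an added example (not code from Nokogiri or from the advisory): a guard that coerces untrusted values to `String` before they reach a SAX parser. The names `sax_safe_string`, `parse_untrusted` and `RecordingParser` are hypothetical, and the request bodies are constructed sample input; in real use the parser would be a `Nokogiri::XML::SAX::Parser` instance.

```ruby
require 'json'

# Hypothetical helper (not a Nokogiri API): the advisory's "#to_s or equivalent",
# applied before a value can reach the native SAX parser.
def sax_safe_string(value)
  return value if value.is_a?(String)
  str = value.to_s
  # A custom #to_s may itself return a non-String, so re-check the result.
  raise TypeError, "#{value.class}#to_s returned #{str.class}" unless str.is_a?(String)
  str
end

# Hypothetical wrapper: `parser` is any object that responds to #parse_memory,
# for example Nokogiri::XML::SAX::Parser.new(handler).
def parse_untrusted(parser, value)
  parser.parse_memory(sax_safe_string(value))
end

# Constructed stand-in for the parser; records the class of each argument it receives.
class RecordingParser
  attr_reader :seen

  def initialize
    @seen = []
  end

  def parse_memory(data)
    @seen << data.class
    data.bytesize
  end
end

# Constructed request bodies: the "xml" field is expected to be a String, but a
# JSON client controls its type.
CONSTRUCTED_BODIES = [
  '{"xml": "<doc><item/></doc>"}',
  '{"xml": 12345}',
  '{"xml": ["<doc/>"]}',
  '{"xml": {"k": "v"}}',
  '{"xml": null}'
].freeze

# Returns the distinct classes that reached the parser after the guard.
def classes_reaching_parser
  parser = RecordingParser.new
  CONSTRUCTED_BODIES.each { |body| parse_untrusted(parser, JSON.parse(body)["xml"]) }
  parser.seen.uniq
end

p classes_reaching_parser if __FILE__ == $PROGRAM_NAME
```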


Affected products
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1

References
Vulnerability SUSE-SU-2022:4015-1