SUSE-SU-2022:4016-1

Опубликовано: 16 нояб. 2022

Источник: suse-cvrf

Описание

Security update for rubygem-nokogiri

This update for rubygem-nokogiri fixes the following issues:

CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408)
CVE-2022-29181: Fixes Improper Handling of Unexpected Data Typesi. (bsc#1199782)

Список пакетов

Image SLES15-SP4

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Azure-Basic

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Azure-Standard

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-HPC

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-HPC-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-HPC-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-HPC-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-HPC-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-HPC-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-HPC-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-HPC-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Hardened-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Hardened-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Hardened-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Hardened-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Server-4-3

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Server-4-3-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Server-4-3-EC2-llc

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Manager-Server-4-3-EC2-ltd

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Hardened

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Hardened-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Hardened-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Hardened-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAP-Hardened-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAPCAL

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAPCAL-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAPCAL-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-SAPCAL-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-Azure-3P

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-Azure-Basic

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-Azure-Standard

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-HPC-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-HPC-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-HPC-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-HPC-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-HPC-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-HPC-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-Hardened-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-Hardened-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-Hardened-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Azure-3P

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Hardened-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Hardened-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAP-Hardened-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAPCAL-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAPCAL-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP5-SAPCAL-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-Azure-Basic

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-Azure-Standard

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-HPC

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-HPC-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-HPC-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-HPC-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-HPC-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-HPC-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-HPC-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-HPC-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-Hardened-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-Hardened-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-Hardened-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-Hardened-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Hardened

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Hardened-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Hardened-BYOS

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Hardened-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAP-Hardened-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAPCAL

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAPCAL-Azure

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAPCAL-EC2

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP6-SAPCAL-GCE

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

openSUSE Leap 15.4

ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

ruby2.5-rubygem-nokogiri-doc-1.8.5-150400.14.3.1

ruby2.5-rubygem-nokogiri-testsuite-1.8.5-150400.14.3.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224016-1/
Link for SUSE-SU-2022:4016-1
https://lists.suse.com/pipermail/sle-security-updates/2022-November/012946.html
E-Mail link for SUSE-SU-2022:4016-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1198408
SUSE Bug 1198408
https://bugzilla.suse.com/1199782
SUSE Bug 1199782
https://www.suse.com/security/cve/CVE-2022-24836/
SUSE CVE CVE-2022-24836 page
https://www.suse.com/security/cve/CVE-2022-29181/
SUSE CVE CVE-2022-29181 page

Описание

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.

Затронутые продукты

Image SLES15-SP4-Azure-Basic:ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Azure-Standard:ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-BYOS-Azure:ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-BYOS-EC2:ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24836.html
CVE-2022-24836
https://bugzilla.suse.com/1198408
SUSE Bug 1198408

Описание

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.

Затронутые продукты

Image SLES15-SP4-Azure-Basic:ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-Azure-Standard:ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-BYOS-Azure:ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Image SLES15-SP4-BYOS-EC2:ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-29181.html
CVE-2022-29181
https://bugzilla.suse.com/1199782
SUSE Bug 1199782