Описание
Security update for rubygem-activesupport-5_1
This update for rubygem-activesupport-5_1 fixes the following issues:
- CVE-2023-22796: Fixed a potential denial of service when passing a crafted input to the underscore method due to an inefficient regular expression (bsc#1207454).
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-BYOS-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-BYOS-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-EC2-HVM
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP3-SAP-BYOS-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-BYOS-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-BYOS-EC2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-BYOS-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Hardened
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-EC2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP4-SAP-Hardened-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Azure-3P
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-BYOS-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-BYOS-EC2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-BYOS-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-EC2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP5-SAP-Hardened-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-BYOS-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-BYOS-EC2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-BYOS-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Hardened
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-BYOS
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-EC2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP6-SAP-Hardened-GCE
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP2
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP3
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
SUSE Linux Enterprise High Availability Extension 15 SP4
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
openSUSE Leap 15.4
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.12.1
Ссылки
- Link for SUSE-SU-2023:0275-1
- E-Mail link for SUSE-SU-2023:0275-1
- SUSE Security Ratings
- SUSE Bug 1207454
- SUSE CVE CVE-2023-22796 page
Описание
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1
Ссылки
- CVE-2023-22796
- SUSE Bug 1207454