SUSE-SU-2023:0328-1

Опубликовано: 09 фев. 2023

Источник: suse-cvrf

Описание

Security update for rubygem-globalid

This update for rubygem-globalid fixes the following issues:

CVE-2023-22799: Fixed ReDoS vulnerability (bsc#1207587).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-BYOS-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-BYOS-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-EC2-HVM

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP3-SAP-BYOS-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP3-SAP-BYOS-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-BYOS-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-BYOS-EC2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-BYOS-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Hardened

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-EC2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP4-SAP-Hardened-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Azure-3P

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-BYOS-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-BYOS-EC2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-BYOS-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-EC2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP5-SAP-Hardened-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-BYOS-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-BYOS-EC2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-BYOS-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Hardened

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-EC2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP6-SAP-Hardened-GCE

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

SUSE Linux Enterprise High Availability Extension 15 SP1

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

SUSE Linux Enterprise High Availability Extension 15 SP2

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

SUSE Linux Enterprise High Availability Extension 15 SP3

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

SUSE Linux Enterprise High Availability Extension 15 SP4

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

openSUSE Leap 15.4

ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

ruby2.5-rubygem-globalid-doc-0.4.1-150000.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230328-1/
Link for SUSE-SU-2023:0328-1
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013709.html
E-Mail link for SUSE-SU-2023:0328-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207587
SUSE Bug 1207587
https://www.suse.com/security/cve/CVE-2023-22799/
SUSE CVE CVE-2023-22799 page

Описание

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.

Затронутые продукты

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-22799.html
CVE-2023-22799
https://bugzilla.suse.com/1207587
SUSE Bug 1207587

SUSE-SU-2023:0328-1

Описание

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-EC2-HVM

Image SLES15-SP3-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Azure-LI-BYOS

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

Image SLES15-SP4-SAP-Azure-VLI-BYOS

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP4-SAP-BYOS

Image SLES15-SP4-SAP-BYOS-Azure

Image SLES15-SP4-SAP-BYOS-EC2

Image SLES15-SP4-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Hardened

Image SLES15-SP4-SAP-Hardened-Azure

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

Image SLES15-SP4-SAP-Hardened-EC2

Image SLES15-SP4-SAP-Hardened-GCE

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-Azure-LI-BYOS

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

Image SLES15-SP5-SAP-Azure-VLI-BYOS

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP5-SAP-BYOS-Azure

Image SLES15-SP5-SAP-BYOS-EC2

Image SLES15-SP5-SAP-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-EC2

Image SLES15-SP5-SAP-Hardened-GCE

Image SLES15-SP6-SAP-Azure-LI-BYOS

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

Image SLES15-SP6-SAP-Azure-VLI-BYOS

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP6-SAP-BYOS

Image SLES15-SP6-SAP-BYOS-Azure

Image SLES15-SP6-SAP-BYOS-EC2

Image SLES15-SP6-SAP-BYOS-GCE

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-Azure

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP6-SAP-Hardened-GCE

SUSE Linux Enterprise High Availability Extension 15 SP1

SUSE Linux Enterprise High Availability Extension 15 SP2

SUSE Linux Enterprise High Availability Extension 15 SP3

SUSE Linux Enterprise High Availability Extension 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-22799

Описание

Затронутые продукты

Ссылки