Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:0444-1

Опубликовано: 17 фев. 2023
Источник: suse-cvrf

Описание

Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-5_1 fixes the following issues:

  • CVE-2023-22795: Fixed ReDoS in Action Dispatch cache (bsc#1207451).
  • CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies (bnc#1207455).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-BYOS-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-BYOS-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-EC2-HVM
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP3-SAP-BYOS-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP3-SAP-BYOS-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-BYOS-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-BYOS-EC2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-BYOS-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Hardened
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Hardened-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Hardened-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Hardened-EC2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP4-SAP-Hardened-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Azure-3P
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-BYOS-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-BYOS-EC2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-BYOS-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Hardened-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Hardened-EC2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP5-SAP-Hardened-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-BYOS-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-BYOS-EC2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-BYOS-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Hardened
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Hardened-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Hardened-BYOS
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Hardened-EC2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP6-SAP-Hardened-GCE
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
SUSE Linux Enterprise High Availability Extension 15 SP1
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
SUSE Linux Enterprise High Availability Extension 15 SP2
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
SUSE Linux Enterprise High Availability Extension 15 SP3
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
SUSE Linux Enterprise High Availability Extension 15 SP4
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
openSUSE Leap 15.4
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.15.1

Ссылки

Описание

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Ссылки

Описание

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1
Ссылки
Уязвимость SUSE-SU-2023:0444-1