Описание
Security update for rubygem-actionview-5_1
This update for rubygem-actionview-5_1 fixes the following issues:
- CVE-2022-27777: Fixed possible cross-site scripting vulnerability in Action View tag helpers (bsc#1199060).
- CVE-2020-15169: Fixed cross-site scripting in translation helpers (bsc#1176421).
- CVE-2020-8167: Fixed CSRF vulnerability in rails-ujs (bsc#1172184).
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-BYOS-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-BYOS-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-EC2-HVM
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP3-SAP-BYOS-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP3-SAP-BYOS-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-BYOS-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-BYOS-EC2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-BYOS-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Hardened
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Hardened-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Hardened-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Hardened-EC2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP4-SAP-Hardened-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Azure-3P
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-BYOS-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-BYOS-EC2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-BYOS-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Hardened-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Hardened-EC2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP5-SAP-Hardened-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-BYOS-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-BYOS-EC2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-BYOS-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Hardened
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Hardened-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Hardened-BYOS
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Hardened-EC2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP6-SAP-Hardened-GCE
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP1
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP2
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP3
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
SUSE Linux Enterprise High Availability Extension 15 SP4
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
openSUSE Leap 15.4
ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
ruby2.5-rubygem-actionview-doc-5_1-5.1.4-150000.3.6.1
Ссылки
- Link for SUSE-SU-2023:2059-1
- E-Mail link for SUSE-SU-2023:2059-1
- SUSE Security Ratings
- SUSE Bug 1172184
- SUSE Bug 1176421
- SUSE Bug 1199060
- SUSE CVE CVE-2020-15169 page
- SUSE CVE CVE-2020-8167 page
- SUSE CVE CVE-2022-27777 page
Описание
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Ссылки
- CVE-2020-15169
- SUSE Bug 1176421
Описание
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Ссылки
- CVE-2020-8167
- SUSE Bug 1172184
Описание
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
Затронутые продукты
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
Ссылки
- CVE-2022-27777
- SUSE Bug 1199060