SUSE-SU-2023:3813-1

Опубликовано: 27 сент. 2023

Источник: suse-cvrf

Описание

Security update for rubygem-actionview-5_1

This update for rubygem-actionview-5_1 fixes the following issues:

CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs (bsc#1209826).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-BYOS-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-BYOS-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-EC2-HVM

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP3-SAP-BYOS-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP3-SAP-BYOS-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-BYOS-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-BYOS-EC2

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-BYOS-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Hardened

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Hardened-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Hardened-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP4-SAP-Hardened-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Azure-3P

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-BYOS-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-BYOS-EC2

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-BYOS-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Hardened-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP5-SAP-Hardened-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-BYOS-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-BYOS-EC2

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-BYOS-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Hardened

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Hardened-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Hardened-BYOS

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Hardened-EC2

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP6-SAP-Hardened-GCE

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

SUSE Linux Enterprise High Availability Extension 15 SP1

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

SUSE Linux Enterprise High Availability Extension 15 SP2

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

SUSE Linux Enterprise High Availability Extension 15 SP3

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

SUSE Linux Enterprise High Availability Extension 15 SP4

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

SUSE Linux Enterprise High Availability Extension 15 SP5

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

openSUSE Leap 15.4

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

ruby2.5-rubygem-actionview-doc-5_1-5.1.4-150000.3.9.1

openSUSE Leap 15.5

ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

ruby2.5-rubygem-actionview-doc-5_1-5.1.4-150000.3.9.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233813-1/
Link for SUSE-SU-2023:3813-1
https://lists.suse.com/pipermail/sle-security-updates/2023-September/016345.html
E-Mail link for SUSE-SU-2023:3813-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1209826
SUSE Bug 1209826
https://www.suse.com/security/cve/CVE-2023-23913/
SUSE CVE CVE-2023-23913 page

Описание

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.

Затронутые продукты

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-23913.html
CVE-2023-23913
https://bugzilla.suse.com/1209826
SUSE Bug 1209826

SUSE-SU-2023:3813-1

Описание

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-EC2-HVM

Image SLES15-SP3-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Azure-LI-BYOS

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

Image SLES15-SP4-SAP-Azure-VLI-BYOS

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP4-SAP-BYOS

Image SLES15-SP4-SAP-BYOS-Azure

Image SLES15-SP4-SAP-BYOS-EC2

Image SLES15-SP4-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Hardened

Image SLES15-SP4-SAP-Hardened-Azure

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

Image SLES15-SP4-SAP-Hardened-GCE

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-Azure-LI-BYOS

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

Image SLES15-SP5-SAP-Azure-VLI-BYOS

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP5-SAP-BYOS-Azure

Image SLES15-SP5-SAP-BYOS-EC2

Image SLES15-SP5-SAP-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-GCE

Image SLES15-SP6-SAP-Azure-LI-BYOS

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

Image SLES15-SP6-SAP-Azure-VLI-BYOS

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP6-SAP-BYOS

Image SLES15-SP6-SAP-BYOS-Azure

Image SLES15-SP6-SAP-BYOS-EC2

Image SLES15-SP6-SAP-BYOS-GCE

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-Azure

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP6-SAP-Hardened-GCE

SUSE Linux Enterprise High Availability Extension 15 SP1

SUSE Linux Enterprise High Availability Extension 15 SP2

SUSE Linux Enterprise High Availability Extension 15 SP3

SUSE Linux Enterprise High Availability Extension 15 SP4

SUSE Linux Enterprise High Availability Extension 15 SP5

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-23913

Описание

Затронутые продукты

Ссылки