SUSE-SU-2024:0103-1

Опубликовано: 15 янв. 2024

Источник: suse-cvrf

Описание

Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-5_1 fixes the following issues:

CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF (bsc#1172182).

Список пакетов

Image SLES15-SP2-SAP-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP2-SAP-BYOS-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP3-SAP-BYOS-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP3-SAP-BYOS-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-BYOS-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-BYOS-EC2

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-BYOS-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Hardened

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Hardened-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Hardened-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP4-SAP-Hardened-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Azure-3P

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-BYOS-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-BYOS-EC2

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-BYOS-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Hardened-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP5-SAP-Hardened-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-BYOS-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-BYOS-EC2

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-BYOS-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Hardened

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Hardened-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Hardened-BYOS

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Hardened-EC2

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP6-SAP-Hardened-GCE

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

SUSE Linux Enterprise High Availability Extension 15 SP1

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

SUSE Linux Enterprise High Availability Extension 15 SP2

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

SUSE Linux Enterprise High Availability Extension 15 SP3

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

SUSE Linux Enterprise High Availability Extension 15 SP4

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

SUSE Linux Enterprise High Availability Extension 15 SP5

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

openSUSE Leap 15.4

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.29.1

openSUSE Leap 15.5

ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.29.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240103-1/
Link for SUSE-SU-2024:0103-1
https://lists.suse.com/pipermail/sle-security-updates/2024-January/017656.html
E-Mail link for SUSE-SU-2024:0103-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1172182
SUSE Bug 1172182
https://bugzilla.suse.com/1215707
SUSE Bug 1215707
https://www.suse.com/security/cve/CVE-2020-8166/
SUSE CVE CVE-2020-8166 page

Описание

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

Затронутые продукты

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP2-SAP-Azure:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Image SLES15-SP2-SAP-BYOS-Azure:ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.29.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8166.html
CVE-2020-8166
https://bugzilla.suse.com/1172182
SUSE Bug 1172182

SUSE-SU-2024:0103-1

Описание

Список пакетов

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-EC2-HVM

Image SLES15-SP3-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Azure-LI-BYOS

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

Image SLES15-SP4-SAP-Azure-VLI-BYOS

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP4-SAP-BYOS

Image SLES15-SP4-SAP-BYOS-Azure

Image SLES15-SP4-SAP-BYOS-EC2

Image SLES15-SP4-SAP-BYOS-GCE

Image SLES15-SP4-SAP-Hardened

Image SLES15-SP4-SAP-Hardened-Azure

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

Image SLES15-SP4-SAP-Hardened-GCE

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-Azure-LI-BYOS

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

Image SLES15-SP5-SAP-Azure-VLI-BYOS

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP5-SAP-BYOS-Azure

Image SLES15-SP5-SAP-BYOS-EC2

Image SLES15-SP5-SAP-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

Image SLES15-SP5-SAP-Hardened-GCE

Image SLES15-SP6-SAP-Azure-LI-BYOS

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

Image SLES15-SP6-SAP-Azure-VLI-BYOS

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP6-SAP-BYOS

Image SLES15-SP6-SAP-BYOS-Azure

Image SLES15-SP6-SAP-BYOS-EC2

Image SLES15-SP6-SAP-BYOS-GCE

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-Azure

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP6-SAP-Hardened-GCE

SUSE Linux Enterprise High Availability Extension 15 SP1

SUSE Linux Enterprise High Availability Extension 15 SP2

SUSE Linux Enterprise High Availability Extension 15 SP3

SUSE Linux Enterprise High Availability Extension 15 SP4

SUSE Linux Enterprise High Availability Extension 15 SP5

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2020-8166

Описание

Затронутые продукты

Ссылки