Описание
Security update for ruby2.5
This update for ruby2.5 fixes the following issues:
- CVE-2024-35221: Fixed remote denial of service via YAML manifest (bsc#1225905)
Список пакетов
Image SLES15-SP5-Azure-3P
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
Image SLES15-SP6
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
Image SLES15-SP6-Azure-3P
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
Image SLES15-SP6-Azure-Standard
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Enterprise Storage 7.1
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Manager Proxy LTS 4.3
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
SUSE Manager Server LTS 4.3
libruby2_5-2_5-2.5.9-150000.4.49.1
ruby2.5-2.5.9-150000.4.49.1
ruby2.5-devel-2.5.9-150000.4.49.1
ruby2.5-devel-extra-2.5.9-150000.4.49.1
ruby2.5-stdlib-2.5.9-150000.4.49.1
Ссылки
- Link for SUSE-SU-2025:02814-2
- E-Mail link for SUSE-SU-2025:02814-2
- SUSE Security Ratings
- SUSE Bug 1225905
- SUSE CVE CVE-2024-35221 page
Описание
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. There is is no action required by users. This issue is also tracked as GHSL-2024-001 and was discovered by the GitHub security lab.
Затронутые продукты
Image SLES15-SP5-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.49.1
Image SLES15-SP5-Azure-3P:ruby2.5-2.5.9-150000.4.49.1
Image SLES15-SP5-Azure-3P:ruby2.5-stdlib-2.5.9-150000.4.49.1
Image SLES15-SP6-Azure-3P:libruby2_5-2_5-2.5.9-150000.4.49.1
Ссылки
- CVE-2024-35221
- SUSE Bug 1225905