Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:0736-1

Опубликовано: 26 фев. 2025
Источник: suse-cvrf

Описание

Security update for ruby2.5

This update for ruby2.5 fixes the following issues:

  • CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick (bsc#1230930)
  • CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440)

Other fixes:

  • [ruby/uri] Fix quadratic backtracking on invalid relative URI
  • [ruby/time] Make RFC2822 regexp linear
  • [ruby/time] Fix quadratic backtracking on invalid time
  • merge some parts of CGI 0.1.1

Список пакетов

Container bci/ruby:latest
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
Container suse/rmt-server:latest
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
Image SLES15-SP5-Azure-3P
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
Image SLES15-SP5-SAP-Azure-3P
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Enterprise Storage 7.1
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Manager Proxy 4.3
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
SUSE Manager Server 4.3
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1
openSUSE Leap 15.6
libruby2_5-2_5-2.5.9-150000.4.36.1
ruby2.5-2.5.9-150000.4.36.1
ruby2.5-devel-2.5.9-150000.4.36.1
ruby2.5-devel-extra-2.5.9-150000.4.36.1
ruby2.5-doc-2.5.9-150000.4.36.1
ruby2.5-doc-ri-2.5.9-150000.4.36.1
ruby2.5-stdlib-2.5.9-150000.4.36.1

Ссылки

Описание

** DISPUTED ** An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."

Затронутые продукты
Container bci/ruby:latest:libruby2_5-2_5-2.5.9-150000.4.36.1
Container bci/ruby:latest:ruby2.5-2.5.9-150000.4.36.1
Container bci/ruby:latest:ruby2.5-devel-2.5.9-150000.4.36.1
Container bci/ruby:latest:ruby2.5-stdlib-2.5.9-150000.4.36.1
Ссылки

Описание

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

Затронутые продукты
Container bci/ruby:latest:libruby2_5-2_5-2.5.9-150000.4.36.1
Container bci/ruby:latest:ruby2.5-2.5.9-150000.4.36.1
Container bci/ruby:latest:ruby2.5-devel-2.5.9-150000.4.36.1
Container bci/ruby:latest:ruby2.5-stdlib-2.5.9-150000.4.36.1
Ссылки
Уязвимость SUSE-SU-2025:0736-1