openSUSE-SU-2018:4041-1

Опубликовано: 07 дек. 2018

Источник: suse-cvrf

Описание

Security update for rubygem-activejob-5_1

This update for rubygem-activejob-5_1 fixes the following issues:

Security issue fixed:

CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

ruby2.5-rubygem-activejob-5_1-5.1.4-lp150.2.3.1

ruby2.5-rubygem-activejob-doc-5_1-5.1.4-lp150.2.3.1

rubygem-activejob-5_1-5.1.4-lp150.2.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00013.html
E-Mail link for openSUSE-SU-2018:4041-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.

Затронутые продукты

openSUSE Leap 15.0:ruby2.5-rubygem-activejob-5_1-5.1.4-lp150.2.3.1

openSUSE Leap 15.0:ruby2.5-rubygem-activejob-doc-5_1-5.1.4-lp150.2.3.1

openSUSE Leap 15.0:rubygem-activejob-5_1-5.1.4-lp150.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16476.html
CVE-2018-16476
https://bugzilla.suse.com/1117632
SUSE Bug 1117632

openSUSE-SU-2018:4041-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-16476

Описание

Затронутые продукты

Ссылки