Description
Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues:
Security issues fixed:
- CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which could be exploited via specially crafted accept headers in combination with calls to render file (bsc#1129272).
- CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make the server unable to process requests (bsc#1129271).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.0
ruby2.5-rubygem-actionpack-5_1-5.1.4-lp150.2.3.1
ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-lp150.2.3.1
References
- E-Mail link for openSUSE-SU-2019:1344-1
- SUSE Security Ratings
- SUSE Bug 1129271
- SUSE Bug 1129272
- SUSE CVE CVE-2019-5418 page
- SUSE CVE CVE-2019-5419 page
Description
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Affected products
openSUSE Leap 15.0:ruby2.5-rubygem-actionpack-5_1-5.1.4-lp150.2.3.1
openSUSE Leap 15.0:ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-lp150.2.3.1
References
- CVE-2019-5418
- SUSE Bug 1129272
Description
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause Action View to consume 100% CPU and make the server unresponsive.
Affected products
openSUSE Leap 15.0:ruby2.5-rubygem-actionpack-5_1-5.1.4-lp150.2.3.1
openSUSE Leap 15.0:ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-lp150.2.3.1
References
- CVE-2019-5419
- SUSE Bug 1129271
- SUSE Bug 1203810