openSUSE-SU-2020:0036-1

Опубликовано: 13 янв. 2020

Источник: suse-cvrf

Описание

Security update for rubygem-excon

This update for rubygem-excon fixes the following issues:

CVE-2019-16779 (boo#1159342): Fix a race condition around persistent connections, where a connection, which was interrupted, would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response.

Список пакетов

openSUSE Leap 15.1

ruby2.5-rubygem-excon-0.59.0-lp151.3.3.1

ruby2.5-rubygem-excon-doc-0.59.0-lp151.3.3.1

ruby2.5-rubygem-excon-testsuite-0.59.0-lp151.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZGWO6G7VLDG32O4P5HJNHJHSO3NC52T5/
E-Mail link for openSUSE-SU-2020:0036-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1159342
SUSE Bug 1159342
https://www.suse.com/security/cve/CVE-2019-16779/
SUSE CVE CVE-2019-16779 page

Описание

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.

Затронутые продукты

openSUSE Leap 15.1:ruby2.5-rubygem-excon-0.59.0-lp151.3.3.1

openSUSE Leap 15.1:ruby2.5-rubygem-excon-doc-0.59.0-lp151.3.3.1

openSUSE Leap 15.1:ruby2.5-rubygem-excon-testsuite-0.59.0-lp151.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-16779.html
CVE-2019-16779
https://bugzilla.suse.com/1159342
SUSE Bug 1159342

openSUSE-SU-2020:0036-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-16779

Описание

Затронутые продукты

Ссылки