Description
Security update for ruby2.5
This update for ruby2.5 fixes the following issues:
- CVE-2020-25613: Fixed a potential HTTP Request Smuggling issue in WEBrick (bsc#1177125).
- Enable optimizations also on ARM64 (bsc#1177222)
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.2
libruby2_5-2_5-2.5.8-lp152.2.3.1
ruby2.5-2.5.8-lp152.2.3.1
ruby2.5-devel-2.5.8-lp152.2.3.1
ruby2.5-devel-extra-2.5.8-lp152.2.3.1
ruby2.5-doc-2.5.8-lp152.2.3.1
ruby2.5-doc-ri-2.5.8-lp152.2.3.1
ruby2.5-stdlib-2.5.8-lp152.2.3.1
References
- E-Mail link for openSUSE-SU-2021:0471-1
- SUSE Security Ratings
- SUSE Bug 1177125
- SUSE Bug 1177222
- SUSE CVE CVE-2020-25613 page
Description
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
Affected products
openSUSE Leap 15.2:libruby2_5-2_5-2.5.8-lp152.2.3.1
openSUSE Leap 15.2:ruby2.5-2.5.8-lp152.2.3.1
openSUSE Leap 15.2:ruby2.5-devel-2.5.8-lp152.2.3.1
openSUSE Leap 15.2:ruby2.5-devel-extra-2.5.8-lp152.2.3.1
References
- CVE-2020-25613
- SUSE Bug 1177125