Test Kennung:	1.3.6.1.4.1.25623.1.0.851543
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for ruby2.1 (openSUSE-SU-2017:1128-1)
Zusammenfassung:	The remote host is missing an update for the 'ruby2.1'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ruby2.1' package(s) announced via the referenced advisory. Vulnerability Insight: This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877) Bugfixes: - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863) - Segmentation fault after pack & ioctl & unpack (bsc#909695) - Ruby:HTTP Header injection in 'net/http' (bsc#986630) This update was imported from the SUSE:SLE-12:Update update project. Affected Software/OS: ruby2.1 on openSUSE Leap 42.2, openSUSE Leap 42.1 Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4975 BugTraq ID: 68474 http://www.securityfocus.com/bid/68474 Debian Security Information: DSA-3157 (Google Search) http://www.debian.org/security/2015/dsa-3157 http://www.mandriva.com/security/advisories?name=MDVSA-2015:129 http://www.openwall.com/lists/oss-security/2014/07/09/13 RedHat Security Advisories: RHSA-2014:1912 http://rhn.redhat.com/errata/RHSA-2014-1912.html RedHat Security Advisories: RHSA-2014:1913 http://rhn.redhat.com/errata/RHSA-2014-1913.html RedHat Security Advisories: RHSA-2014:1914 http://rhn.redhat.com/errata/RHSA-2014-1914.html http://www.ubuntu.com/usn/USN-2397-1 XForce ISS Database: ruby-cve20144975-bo(94706) https://exchange.xforce.ibmcloud.com/vulnerabilities/94706 Common Vulnerability Exposure (CVE) ID: CVE-2015-1855 http://www.debian.org/security/2015/dsa-3245 http://www.debian.org/security/2015/dsa-3246 http://www.debian.org/security/2015/dsa-3247 https://bugs.ruby-lang.org/issues/9644 https://puppetlabs.com/security/cve/cve-2015-1855 https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ Common Vulnerability Exposure (CVE) ID: CVE-2015-3900 BugTraq ID: 75482 http://www.securityfocus.com/bid/75482 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356 https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/ http://www.openwall.com/lists/oss-security/2015/06/26/2 RedHat Security Advisories: RHSA-2015:1657 http://rhn.redhat.com/errata/RHSA-2015-1657.html Common Vulnerability Exposure (CVE) ID: CVE-2015-7551 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html BugTraq ID: 76060 http://www.securityfocus.com/bid/76060 RedHat Security Advisories: RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0583 Common Vulnerability Exposure (CVE) ID: CVE-2016-2339 BugTraq ID: 91234 http://www.securityfocus.com/bid/91234 http://www.talosintelligence.com/reports/TALOS-2016-0034/ https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.