SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2020:1570-1)

critical Nessus Plugin ID 137599

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This update for ruby2.1 fixes the following issues :

Security issues fixed :

CVE-2015-9096: Fixed an SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command (bsc#1043983).

CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265).

CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755).

CVE-2017-0899: Fixed an issue with malicious gem specifications: insufficient sanitization when printing gem specifications could have included terminal characters (bsc#1056286).

CVE-2017-0900: Fixed an issue with malicious gem specifications: the query command could have led to a denial of service attack against clients (bsc#1056286).

CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286).

CVE-2017-0902: Fixed an issue with malicious gem specifications that could have enabled MITM attacks against clients (bsc#1056286).

CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452).

CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607).

CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632).

CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754).

CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757).

CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782).

CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002).

CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434).

CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782).

CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441).

CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436).

CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433).

CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440).

CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437).

CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530).

CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532).

CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007).

CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008).

CVE-2018-1000075: Fixed an infinite loop vulnerability, due to a negative size in a tar header, that causes denial of service (bsc#1082014).

CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009).

CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010).

CVE-2018-1000078: Fixed an XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011).

CVE-2018-1000079: Fixed a path traversal issue during gem installation that allows writing to arbitrary filesystem locations (bsc#1082058).

CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627).

CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623).

CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622).

CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620).

CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617).

CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611).

CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994).

CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995).

CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992).

CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990).

CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517).

Non-security issue fixed :

Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072).

Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or 'zypper patch'.

Alternatively, you can run the command listed for your product :

SUSE OpenStack Cloud Crowbar 8 :

zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1570=1

SUSE OpenStack Cloud 8 :

zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1570=1

SUSE OpenStack Cloud 7 :

zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1570=1

SUSE Linux Enterprise Software Development Kit 12-SP5 :

zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1570=1

SUSE Linux Enterprise Software Development Kit 12-SP4 :

zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1570=1

SUSE Linux Enterprise Server for SAP 12-SP3 :

zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1570=1

SUSE Linux Enterprise Server for SAP 12-SP2 :

zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1570=1

SUSE Linux Enterprise Server 12-SP5 :

zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1570=1

SUSE Linux Enterprise Server 12-SP4 :

zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1570=1

SUSE Linux Enterprise Server 12-SP3-LTSS :

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1570=1

SUSE Linux Enterprise Server 12-SP3-BCL :

zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1570=1

SUSE Linux Enterprise Server 12-SP2-LTSS :

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1570=1

SUSE Linux Enterprise Server 12-SP2-BCL :

zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1570=1

SUSE Enterprise Storage 5 :

zypper in -t patch SUSE-Storage-5-2020-1570=1

HPE Helion OpenStack 8 :

zypper in -t patch HPE-Helion-OpenStack-8-2020-1570=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1043983

https://bugzilla.suse.com/show_bug.cgi?id=1048072

https://bugzilla.suse.com/show_bug.cgi?id=1055265

https://bugzilla.suse.com/show_bug.cgi?id=1056286

https://bugzilla.suse.com/show_bug.cgi?id=1056782

https://bugzilla.suse.com/show_bug.cgi?id=1058754

https://bugzilla.suse.com/show_bug.cgi?id=1058755

https://bugzilla.suse.com/show_bug.cgi?id=1058757

https://bugzilla.suse.com/show_bug.cgi?id=1062452

https://bugzilla.suse.com/show_bug.cgi?id=1069607

https://bugzilla.suse.com/show_bug.cgi?id=1069632

https://bugzilla.suse.com/show_bug.cgi?id=1073002

https://bugzilla.suse.com/show_bug.cgi?id=1078782

https://bugzilla.suse.com/show_bug.cgi?id=1082007

https://bugzilla.suse.com/show_bug.cgi?id=1082008

https://bugzilla.suse.com/show_bug.cgi?id=1082009

https://bugzilla.suse.com/show_bug.cgi?id=1082010

https://bugzilla.suse.com/show_bug.cgi?id=1082011

https://bugzilla.suse.com/show_bug.cgi?id=1082014

https://bugzilla.suse.com/show_bug.cgi?id=1082058

https://bugzilla.suse.com/show_bug.cgi?id=1087433

https://bugzilla.suse.com/show_bug.cgi?id=1087434

https://bugzilla.suse.com/show_bug.cgi?id=1087436

https://bugzilla.suse.com/show_bug.cgi?id=1087437

https://bugzilla.suse.com/show_bug.cgi?id=1087440

https://bugzilla.suse.com/show_bug.cgi?id=1087441

https://bugzilla.suse.com/show_bug.cgi?id=1112530

https://bugzilla.suse.com/show_bug.cgi?id=1112532

https://bugzilla.suse.com/show_bug.cgi?id=1130611

https://bugzilla.suse.com/show_bug.cgi?id=1130617

https://bugzilla.suse.com/show_bug.cgi?id=1130620

https://bugzilla.suse.com/show_bug.cgi?id=1130622

https://bugzilla.suse.com/show_bug.cgi?id=1130623

https://bugzilla.suse.com/show_bug.cgi?id=1130627

https://bugzilla.suse.com/show_bug.cgi?id=1152990

https://bugzilla.suse.com/show_bug.cgi?id=1152992

https://bugzilla.suse.com/show_bug.cgi?id=1152994

https://bugzilla.suse.com/show_bug.cgi?id=1152995

https://bugzilla.suse.com/show_bug.cgi?id=1171517

https://bugzilla.suse.com/show_bug.cgi?id=1172275

https://www.suse.com/security/cve/CVE-2015-9096/

https://www.suse.com/security/cve/CVE-2016-2339/

https://www.suse.com/security/cve/CVE-2016-7798/

https://www.suse.com/security/cve/CVE-2017-0898/

https://www.suse.com/security/cve/CVE-2017-0899/

https://www.suse.com/security/cve/CVE-2017-0900/

https://www.suse.com/security/cve/CVE-2017-0901/

https://www.suse.com/security/cve/CVE-2017-0902/

https://www.suse.com/security/cve/CVE-2017-0903/

https://www.suse.com/security/cve/CVE-2017-10784/

https://www.suse.com/security/cve/CVE-2017-14033/

https://www.suse.com/security/cve/CVE-2017-14064/

https://www.suse.com/security/cve/CVE-2017-17405/

https://www.suse.com/security/cve/CVE-2017-17742/

https://www.suse.com/security/cve/CVE-2017-17790/

https://www.suse.com/security/cve/CVE-2017-9228/

https://www.suse.com/security/cve/CVE-2017-9229/

https://www.suse.com/security/cve/CVE-2018-1000073/

https://www.suse.com/security/cve/CVE-2018-1000074/

https://www.suse.com/security/cve/CVE-2018-1000075/

https://www.suse.com/security/cve/CVE-2018-1000076/

https://www.suse.com/security/cve/CVE-2018-1000077/

https://www.suse.com/security/cve/CVE-2018-1000078/

https://www.suse.com/security/cve/CVE-2018-1000079/

https://www.suse.com/security/cve/CVE-2018-16395/

https://www.suse.com/security/cve/CVE-2018-16396/

https://www.suse.com/security/cve/CVE-2018-6914/

https://www.suse.com/security/cve/CVE-2018-8777/

https://www.suse.com/security/cve/CVE-2018-8778/

https://www.suse.com/security/cve/CVE-2018-8779/

https://www.suse.com/security/cve/CVE-2018-8780/

https://www.suse.com/security/cve/CVE-2019-15845/

https://www.suse.com/security/cve/CVE-2019-16201/

https://www.suse.com/security/cve/CVE-2019-16254/

https://www.suse.com/security/cve/CVE-2019-16255/

https://www.suse.com/security/cve/CVE-2019-8320/

https://www.suse.com/security/cve/CVE-2019-8321/

https://www.suse.com/security/cve/CVE-2019-8322/

https://www.suse.com/security/cve/CVE-2019-8323/

https://www.suse.com/security/cve/CVE-2019-8324/

https://www.suse.com/security/cve/CVE-2019-8325/

https://www.suse.com/security/cve/CVE-2020-10663/

http://www.nessus.org/u?1d525cde

Plugin Details

Severity: Critical

ID: 137599

File Name: suse_SU-2020-1570-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/18/2020

Updated: 5/13/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-17405

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2018-16395

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libruby2_1, p-cpe:/a:novell:suse_linux:libruby2_1-2_1-debuginfo, p-cpe:/a:novell:suse_linux:ruby2.1, p-cpe:/a:novell:suse_linux:ruby2.1-debuginfo, p-cpe:/a:novell:suse_linux:ruby2.1-debugsource, p-cpe:/a:novell:suse_linux:ruby2.1-stdlib, p-cpe:/a:novell:suse_linux:ruby2.1-stdlib-debuginfo, p-cpe:/a:novell:suse_linux:yast2-ruby-bindings, p-cpe:/a:novell:suse_linux:yast2-ruby-bindings-debuginfo, p-cpe:/a:novell:suse_linux:yast2-ruby-bindings-debugsource, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/9/2020

Vulnerability Publication Date: 1/6/2017

Reference Information

CVE: CVE-2015-9096, CVE-2016-2339, CVE-2016-7798, CVE-2017-0898, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064, CVE-2017-17405, CVE-2017-17742, CVE-2017-17790, CVE-2017-9228, CVE-2017-9229, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2018-16395, CVE-2018-16396, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780, CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325, CVE-2020-10663