OVAL

SUSE-SU-2020:1570-1 -- SLES ruby2.1, yast2-ruby-bindings, libruby

ID: oval:org.secpod.oval:def:89002928
Date: (C) 2021-02-25 (M) 2024-02-19
Class: PATCH
Family: unix

This update for ruby2.1 fixes the following issues:

Security issues fixed:
- CVE-2015-9096: Fixed an SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command.
- CVE-2016-7798: Fixed an IV reuse in GCM mode.
- CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf.
- CVE-2017-0899: Fixed an issue with malicious gem specifications: insufficient sanitation when printing gem specifications could have included terminal characters.
- CVE-2017-0900: Fixed an issue with malicious gem specifications: the query command could have led to a denial of service attack against clients.
- CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system.
- CVE-2017-0902: Fixed an issue with malicious gem specifications that could have enabled MITM attacks against clients.
- CVE-2017-0903: Fixed an unsafe object deserialization vulnerability.
- CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range during regex compilation.
- CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head in oniguruma.
- CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick.
- CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode.
- CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call.
- CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP.
- CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick.
- CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize.
- CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir.
- CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick.
- CVE-2018-8778: Fixed a buffer under-read in String#unpack.
- CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket.
- CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir.
- CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking.
- CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives.
- CVE-2018-1000073: Fixed a path traversal issue.
- CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML.
- CVE-2018-1000075: Fixed an infinite loop vulnerability due to a negative size in a tar header that caused a denial of service.
- CVE-2018-1000076: Fixed an improper verification of signatures in tarballs.
- CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems.
- CVE-2018-1000078: Fixed an XSS vulnerability in the homepage attribute when displayed via gem server.
- CVE-2018-1000079: Fixed a path traversal issue during gem installation that allowed writing to arbitrary filesystem locations.
- CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files.
- CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose.
- CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner.
- CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling.
- CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution.
- CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors.
- CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch?.
- CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication.
- CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick.
- CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test.
- CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON.

Non-security issue fixed:
- Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated.

Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter.

Platform:
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP4
Product:
ruby2.1
yast2-ruby-bindings
libruby
Reference:
SUSE-SU-2020:1570-1
CVE-2015-9096
CVE-2016-2339
CVE-2016-7798
CVE-2017-0898
CVE-2017-0899
CVE-2017-0900
CVE-2017-0901
CVE-2017-0902
CVE-2017-0903
CVE-2017-10784
CVE-2017-14033
CVE-2017-14064
CVE-2017-17405
CVE-2017-17742
CVE-2017-17790
CVE-2017-9228
CVE-2017-9229
CVE-2018-1000073
CVE-2018-1000074
CVE-2018-1000075
CVE-2018-1000076
CVE-2018-1000077
CVE-2018-1000078
CVE-2018-1000079
CVE-2018-16395
CVE-2018-16396
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780
CVE-2019-15845
CVE-2019-16201
CVE-2019-16254
CVE-2019-16255
CVE-2019-8320
CVE-2019-8321
CVE-2019-8322
CVE-2019-8323
CVE-2019-8324
CVE-2019-8325
CVE-2020-10663
CVE (42): CVE-2016-2339, CVE-2016-7798, CVE-2017-0899, CVE-2017-0901, ...
CPE (7): cpe:/a:ruby:libruby, cpe:/a:ruby:yast2-ruby-bindings, cpe:/o:suse:suse_linux_enterprise_server:12:sp3, cpe:/o:suse:suse_linux_enterprise_server:12:sp4, ...

© SecPod Technologies