SUSE-SU-2017:1067-1 -- SLES libruby2_1-2_1, ruby2.1ID: oval:org.secpod.oval:def:89044784 | Date: (C)2021-07-20 (M)2024-02-19 |
Class: PATCH | Family: unix |
This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877)
Platform: |
SUSE Linux Enterprise Server 12 SP2 |
Product: |
libruby2_1-2_1 |
ruby2.1 |