suse-su-2019:1804-1
Vulnerability from csaf_suse
Published
2019-07-10 08:40
Modified
2019-07-10 08:40
Summary
Security update for ruby-bundled-gems-rpmhelper, ruby2.5
Notes
Title of the patch
Security update for ruby-bundled-gems-rpmhelper, ruby2.5
Description of the patch
This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:
Changes in ruby2.5:
Update to 2.5.5 and 2.5.4:
https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/
https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/
Security issues fixed:
- CVE-2019-8320: Delete directory using symlink when
decompressing tar (bsc#1130627)
- CVE-2019-8321: Escape sequence injection vulnerability in
verbose (bsc#1130623)
- CVE-2019-8322: Escape sequence injection vulnerability in gem
owner (bsc#1130622)
- CVE-2019-8323: Escape sequence injection vulnerability in API
response handling (bsc#1130620)
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary
code execution (bsc#1130617)
- CVE-2019-8325: Escape sequence injection vulnerability in
errors (bsc#1130611)
Ruby 2.5 was updated to 2.5.3:
This release includes some bug fixes and some security fixes.
Security issues fixed:
- CVE-2018-16396: Tainted flags are not propagated in Array#pack
and String#unpack with some directives (bsc#1112532)
- CVE-2018-16395: OpenSSL::X509::Name equality check does not
work correctly (bsc#1112530)
Ruby 2.5 was updated to 2.5.1:
This release includes some bug fixes and some security fixes.
Security issues fixed:
- CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)
- CVE-2018-6914: Unintentional file and directory creation with
directory traversal in tempfile and tmpdir (bsc#1087441)
- CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)
- CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)
- CVE-2018-8779: Unintentional socket creation by poisoned NUL
byte in UNIXServer and UNIXSocket (bsc#1087440)
- CVE-2018-8780: Unintentional directory traversal by poisoned
NUL byte in Dir (bsc#1087437)
- Multiple vulnerabilities in RubyGems were fixed:
- CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058)
- CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014)
- CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011)
- CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010)
- CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009)
- CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008)
- CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007)
Other changes:
- Fixed Net::POPMail methods modify frozen literal when using default arg
- ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790)
- build with PIE support (bsc#1130028)
Changes in ruby-bundled-gems-rpmhelper:
- Add a new helper for bundled ruby gems.
Patchnames
SUSE-2019-1804,SUSE-SLE-Module-Basesystem-15-2019-1804,SUSE-SLE-Module-Basesystem-15-SP1-2019-1804,SUSE-SLE-Module-Development-Tools-OBS-15-2019-1804,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1804
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ruby-bundled-gems-rpmhelper, ruby2.5",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues:\n\nChanges in ruby2.5:\n\nUpdate to 2.5.5 and 2.5.4:\n\nhttps://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/\nhttps://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/\n\nSecurity issues fixed:\n\n- CVE-2019-8320: Delete directory using symlink when\n decompressing tar (bsc#1130627)\n- CVE-2019-8321: Escape sequence injection vulnerability in\n verbose (bsc#1130623)\n- CVE-2019-8322: Escape sequence injection vulnerability in gem\n owner (bsc#1130622)\n- CVE-2019-8323: Escape sequence injection vulnerability in API\n response handling (bsc#1130620)\n- CVE-2019-8324: Installing a malicious gem may lead to arbitrary\n code execution (bsc#1130617)\n- CVE-2019-8325: Escape sequence injection vulnerability in\n errors (bsc#1130611)\n\n\nRuby 2.5 was updated to 2.5.3:\n\nThis release includes some bug fixes and some security fixes.\n\nSecurity issues fixed:\n\n- CVE-2018-16396: Tainted flags are not propagated in Array#pack\n and String#unpack with some directives (bsc#1112532)\n- CVE-2018-16395: OpenSSL::X509::Name equality check does not\n work correctly (bsc#1112530)\n\nRuby 2.5 was updated to 2.5.1:\n\nThis release includes some bug fixes and some security fixes.\n\nSecurity issues fixed:\n\n- CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)\n- CVE-2018-6914: Unintentional file and directory creation with\n directory traversal in tempfile and tmpdir (bsc#1087441)\n- CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)\n- CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)\n- CVE-2018-8779: Unintentional socket creation by poisoned NUL\n byte in UNIXServer and UNIXSocket (bsc#1087440)\n- CVE-2018-8780: Unintentional directory traversal by poisoned\n NUL byte in Dir (bsc#1087437)\n\n- Multiple vulnerabilities in RubyGems were fixed:\n\n - CVE-2018-1000079: Fixed path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058)\n - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014)\n - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when displayed via gem server (bsc#1082011)\n - CVE-2018-1000077: Fixed that missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (bsc#1082010)\n - CVE-2018-1000076: Fixed improper verification of signatures in tarball allows to install mis-signed gem (bsc#1082009)\n - CVE-2018-1000074: Fixed unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (bsc#1082008)\n - CVE-2018-1000073: Fixed path traversal when writing to a symlinked basedir outside of the root (bsc#1082007)\n\nOther changes:\n\n- Fixed Net::POPMail methods modify frozen literal when using default arg\n- ruby: change over of the Japanese Era to the new emperor May 1st 2019 (bsc#1133790)\n- build with PIE support (bsc#1130028)\n\n\nChanges in ruby-bundled-gems-rpmhelper:\n\n- Add a new helper for bundled ruby gems.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1804,SUSE-SLE-Module-Basesystem-15-2019-1804,SUSE-SLE-Module-Basesystem-15-SP1-2019-1804,SUSE-SLE-Module-Development-Tools-OBS-15-2019-1804,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1804",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1804-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1804-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191804-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1804-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-July/005684.html"
},
{
"category": "self",
"summary": "SUSE Bug 1082007",
"url": "https://bugzilla.suse.com/1082007"
},
{
"category": "self",
"summary": "SUSE Bug 1082008",
"url": "https://bugzilla.suse.com/1082008"
},
{
"category": "self",
"summary": "SUSE Bug 1082009",
"url": "https://bugzilla.suse.com/1082009"
},
{
"category": "self",
"summary": "SUSE Bug 1082010",
"url": "https://bugzilla.suse.com/1082010"
},
{
"category": "self",
"summary": "SUSE Bug 1082011",
"url": "https://bugzilla.suse.com/1082011"
},
{
"category": "self",
"summary": "SUSE Bug 1082014",
"url": "https://bugzilla.suse.com/1082014"
},
{
"category": "self",
"summary": "SUSE Bug 1082058",
"url": "https://bugzilla.suse.com/1082058"
},
{
"category": "self",
"summary": "SUSE Bug 1087433",
"url": "https://bugzilla.suse.com/1087433"
},
{
"category": "self",
"summary": "SUSE Bug 1087434",
"url": "https://bugzilla.suse.com/1087434"
},
{
"category": "self",
"summary": "SUSE Bug 1087436",
"url": "https://bugzilla.suse.com/1087436"
},
{
"category": "self",
"summary": "SUSE Bug 1087437",
"url": "https://bugzilla.suse.com/1087437"
},
{
"category": "self",
"summary": "SUSE Bug 1087440",
"url": "https://bugzilla.suse.com/1087440"
},
{
"category": "self",
"summary": "SUSE Bug 1087441",
"url": "https://bugzilla.suse.com/1087441"
},
{
"category": "self",
"summary": "SUSE Bug 1112530",
"url": "https://bugzilla.suse.com/1112530"
},
{
"category": "self",
"summary": "SUSE Bug 1112532",
"url": "https://bugzilla.suse.com/1112532"
},
{
"category": "self",
"summary": "SUSE Bug 1130028",
"url": "https://bugzilla.suse.com/1130028"
},
{
"category": "self",
"summary": "SUSE Bug 1130611",
"url": "https://bugzilla.suse.com/1130611"
},
{
"category": "self",
"summary": "SUSE Bug 1130617",
"url": "https://bugzilla.suse.com/1130617"
},
{
"category": "self",
"summary": "SUSE Bug 1130620",
"url": "https://bugzilla.suse.com/1130620"
},
{
"category": "self",
"summary": "SUSE Bug 1130622",
"url": "https://bugzilla.suse.com/1130622"
},
{
"category": "self",
"summary": "SUSE Bug 1130623",
"url": "https://bugzilla.suse.com/1130623"
},
{
"category": "self",
"summary": "SUSE Bug 1130627",
"url": "https://bugzilla.suse.com/1130627"
},
{
"category": "self",
"summary": "SUSE Bug 1133790",
"url": "https://bugzilla.suse.com/1133790"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17742 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000073 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000074 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000075 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000076 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000077 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000078 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000079 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6914 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8777 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8778 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8779 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8780 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8320 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8320/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8321 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8322 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8323 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8324 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8325 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8325/"
}
],
"title": "Security update for ruby-bundled-gems-rpmhelper, ruby2.5",
"tracking": {
"current_release_date": "2019-07-10T08:40:49Z",
"generator": {
"date": "2019-07-10T08:40:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1804-1",
"initial_release_date": "2019-07-10T08:40:49Z",
"revision_history": [
{
"date": "2019-07-10T08:40:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"product": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"product_id": "libruby2_5-2_5-2.5.5-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.5-4.3.1.aarch64",
"product": {
"name": "ruby2.5-2.5.5-4.3.1.aarch64",
"product_id": "ruby2.5-2.5.5-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.5-4.3.1.aarch64",
"product": {
"name": "ruby2.5-devel-2.5.5-4.3.1.aarch64",
"product_id": "ruby2.5-devel-2.5.5-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"product": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"product_id": "ruby2.5-devel-extra-2.5.5-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.5-4.3.1.aarch64",
"product": {
"name": "ruby2.5-doc-2.5.5-4.3.1.aarch64",
"product_id": "ruby2.5-doc-2.5.5-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"product": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"product_id": "ruby2.5-stdlib-2.5.5-4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.5-4.3.1.i586",
"product": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.i586",
"product_id": "libruby2_5-2_5-2.5.5-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.5-4.3.1.i586",
"product": {
"name": "ruby2.5-2.5.5-4.3.1.i586",
"product_id": "ruby2.5-2.5.5-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.5-4.3.1.i586",
"product": {
"name": "ruby2.5-devel-2.5.5-4.3.1.i586",
"product_id": "ruby2.5-devel-2.5.5-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.i586",
"product": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.i586",
"product_id": "ruby2.5-devel-extra-2.5.5-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.5-4.3.1.i586",
"product": {
"name": "ruby2.5-doc-2.5.5-4.3.1.i586",
"product_id": "ruby2.5-doc-2.5.5-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.5-4.3.1.i586",
"product": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.i586",
"product_id": "ruby2.5-stdlib-2.5.5-4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby-bundled-gems-rpmhelper-0.0.2-1.3.1.noarch",
"product": {
"name": "ruby-bundled-gems-rpmhelper-0.0.2-1.3.1.noarch",
"product_id": "ruby-bundled-gems-rpmhelper-0.0.2-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-ri-2.5.5-4.3.1.noarch",
"product": {
"name": "ruby2.5-doc-ri-2.5.5-4.3.1.noarch",
"product_id": "ruby2.5-doc-ri-2.5.5-4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"product": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"product_id": "libruby2_5-2_5-2.5.5-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.5-4.3.1.ppc64le",
"product": {
"name": "ruby2.5-2.5.5-4.3.1.ppc64le",
"product_id": "ruby2.5-2.5.5-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"product": {
"name": "ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"product_id": "ruby2.5-devel-2.5.5-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"product": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"product_id": "ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.5-4.3.1.ppc64le",
"product": {
"name": "ruby2.5-doc-2.5.5-4.3.1.ppc64le",
"product_id": "ruby2.5-doc-2.5.5-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"product": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"product_id": "ruby2.5-stdlib-2.5.5-4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.5-4.3.1.s390x",
"product": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.s390x",
"product_id": "libruby2_5-2_5-2.5.5-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.5-4.3.1.s390x",
"product": {
"name": "ruby2.5-2.5.5-4.3.1.s390x",
"product_id": "ruby2.5-2.5.5-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.5-4.3.1.s390x",
"product": {
"name": "ruby2.5-devel-2.5.5-4.3.1.s390x",
"product_id": "ruby2.5-devel-2.5.5-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"product": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"product_id": "ruby2.5-devel-extra-2.5.5-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.5-4.3.1.s390x",
"product": {
"name": "ruby2.5-doc-2.5.5-4.3.1.s390x",
"product_id": "ruby2.5-doc-2.5.5-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"product": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"product_id": "ruby2.5-stdlib-2.5.5-4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"product": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"product_id": "libruby2_5-2_5-2.5.5-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.5-4.3.1.x86_64",
"product": {
"name": "ruby2.5-2.5.5-4.3.1.x86_64",
"product_id": "ruby2.5-2.5.5-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.5-4.3.1.x86_64",
"product": {
"name": "ruby2.5-devel-2.5.5-4.3.1.x86_64",
"product_id": "ruby2.5-devel-2.5.5-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"product": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"product_id": "ruby2.5-devel-extra-2.5.5-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.5-4.3.1.x86_64",
"product": {
"name": "ruby2.5-doc-2.5.5-4.3.1.x86_64",
"product_id": "ruby2.5-doc-2.5.5-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"product": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"product_id": "ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64"
},
"product_reference": "libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le"
},
"product_reference": "libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x"
},
"product_reference": "libruby2_5-2_5-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64"
},
"product_reference": "ruby2.5-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le"
},
"product_reference": "ruby2.5-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x"
},
"product_reference": "ruby2.5-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64"
},
"product_reference": "ruby2.5-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64"
},
"product_reference": "ruby2.5-devel-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le"
},
"product_reference": "ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x"
},
"product_reference": "ruby2.5-devel-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64"
},
"product_reference": "ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le"
},
"product_reference": "ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x"
},
"product_reference": "ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64"
},
"product_reference": "libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le"
},
"product_reference": "libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x"
},
"product_reference": "libruby2_5-2_5-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64"
},
"product_reference": "ruby2.5-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le"
},
"product_reference": "ruby2.5-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x"
},
"product_reference": "ruby2.5-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64"
},
"product_reference": "ruby2.5-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64"
},
"product_reference": "ruby2.5-devel-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le"
},
"product_reference": "ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x"
},
"product_reference": "ruby2.5-devel-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64"
},
"product_reference": "ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le"
},
"product_reference": "ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x"
},
"product_reference": "ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.5-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-17742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17742"
}
],
"notes": [
{
"category": "general",
"text": "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17742",
"url": "https://www.suse.com/security/cve/CVE-2017-17742"
},
{
"category": "external",
"summary": "SUSE Bug 1087434 for CVE-2017-17742",
"url": "https://bugzilla.suse.com/1087434"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2017-17742",
"url": "https://bugzilla.suse.com/1136906"
},
{
"category": "external",
"summary": "SUSE Bug 1152992 for CVE-2017-17742",
"url": "https://bugzilla.suse.com/1152992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-17742"
},
{
"cve": "CVE-2018-1000073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000073"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000073",
"url": "https://www.suse.com/security/cve/CVE-2018-1000073"
},
{
"category": "external",
"summary": "SUSE Bug 1082007 for CVE-2018-1000073",
"url": "https://bugzilla.suse.com/1082007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000073"
},
{
"cve": "CVE-2018-1000074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000074"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000074",
"url": "https://www.suse.com/security/cve/CVE-2018-1000074"
},
{
"category": "external",
"summary": "SUSE Bug 1082008 for CVE-2018-1000074",
"url": "https://bugzilla.suse.com/1082008"
},
{
"category": "external",
"summary": "SUSE Bug 1175764 for CVE-2018-1000074",
"url": "https://bugzilla.suse.com/1175764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "important"
}
],
"title": "CVE-2018-1000074"
},
{
"cve": "CVE-2018-1000075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000075"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000075",
"url": "https://www.suse.com/security/cve/CVE-2018-1000075"
},
{
"category": "external",
"summary": "SUSE Bug 1082014 for CVE-2018-1000075",
"url": "https://bugzilla.suse.com/1082014"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "low"
}
],
"title": "CVE-2018-1000075"
},
{
"cve": "CVE-2018-1000076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000076"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000076",
"url": "https://www.suse.com/security/cve/CVE-2018-1000076"
},
{
"category": "external",
"summary": "SUSE Bug 1082009 for CVE-2018-1000076",
"url": "https://bugzilla.suse.com/1082009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000076"
},
{
"cve": "CVE-2018-1000077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000077"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000077",
"url": "https://www.suse.com/security/cve/CVE-2018-1000077"
},
{
"category": "external",
"summary": "SUSE Bug 1082010 for CVE-2018-1000077",
"url": "https://bugzilla.suse.com/1082010"
},
{
"category": "external",
"summary": "SUSE Bug 1183937 for CVE-2018-1000077",
"url": "https://bugzilla.suse.com/1183937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000077"
},
{
"cve": "CVE-2018-1000078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000078"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000078",
"url": "https://www.suse.com/security/cve/CVE-2018-1000078"
},
{
"category": "external",
"summary": "SUSE Bug 1082011 for CVE-2018-1000078",
"url": "https://bugzilla.suse.com/1082011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000078"
},
{
"cve": "CVE-2018-1000079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000079"
}
],
"notes": [
{
"category": "general",
"text": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000079",
"url": "https://www.suse.com/security/cve/CVE-2018-1000079"
},
{
"category": "external",
"summary": "SUSE Bug 1082058 for CVE-2018-1000079",
"url": "https://bugzilla.suse.com/1082058"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000079"
},
{
"cve": "CVE-2018-16395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16395"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16395",
"url": "https://www.suse.com/security/cve/CVE-2018-16395"
},
{
"category": "external",
"summary": "SUSE Bug 1112530 for CVE-2018-16395",
"url": "https://bugzilla.suse.com/1112530"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-16395",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-16395"
},
{
"cve": "CVE-2018-16396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16396"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16396",
"url": "https://www.suse.com/security/cve/CVE-2018-16396"
},
{
"category": "external",
"summary": "SUSE Bug 1112532 for CVE-2018-16396",
"url": "https://bugzilla.suse.com/1112532"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-16396",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-16396"
},
{
"cve": "CVE-2018-6914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6914"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6914",
"url": "https://www.suse.com/security/cve/CVE-2018-6914"
},
{
"category": "external",
"summary": "SUSE Bug 1087441 for CVE-2018-6914",
"url": "https://bugzilla.suse.com/1087441"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-6914",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "low"
}
],
"title": "CVE-2018-6914"
},
{
"cve": "CVE-2018-8777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8777"
}
],
"notes": [
{
"category": "general",
"text": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8777",
"url": "https://www.suse.com/security/cve/CVE-2018-8777"
},
{
"category": "external",
"summary": "SUSE Bug 1087436 for CVE-2018-8777",
"url": "https://bugzilla.suse.com/1087436"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-8777",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "important"
}
],
"title": "CVE-2018-8777"
},
{
"cve": "CVE-2018-8778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8778"
}
],
"notes": [
{
"category": "general",
"text": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8778",
"url": "https://www.suse.com/security/cve/CVE-2018-8778"
},
{
"category": "external",
"summary": "SUSE Bug 1087433 for CVE-2018-8778",
"url": "https://bugzilla.suse.com/1087433"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-8778",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-8778"
},
{
"cve": "CVE-2018-8779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8779"
}
],
"notes": [
{
"category": "general",
"text": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8779",
"url": "https://www.suse.com/security/cve/CVE-2018-8779"
},
{
"category": "external",
"summary": "SUSE Bug 1087440 for CVE-2018-8779",
"url": "https://bugzilla.suse.com/1087440"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-8779",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "low"
}
],
"title": "CVE-2018-8779"
},
{
"cve": "CVE-2018-8780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8780"
}
],
"notes": [
{
"category": "general",
"text": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8780",
"url": "https://www.suse.com/security/cve/CVE-2018-8780"
},
{
"category": "external",
"summary": "SUSE Bug 1087437 for CVE-2018-8780",
"url": "https://bugzilla.suse.com/1087437"
},
{
"category": "external",
"summary": "SUSE Bug 1136906 for CVE-2018-8780",
"url": "https://bugzilla.suse.com/1136906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "low"
}
],
"title": "CVE-2018-8780"
},
{
"cve": "CVE-2019-8320",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8320"
}
],
"notes": [
{
"category": "general",
"text": "A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user\u0027s machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8320",
"url": "https://www.suse.com/security/cve/CVE-2019-8320"
},
{
"category": "external",
"summary": "SUSE Bug 1130627 for CVE-2019-8320",
"url": "https://bugzilla.suse.com/1130627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "important"
}
],
"title": "CVE-2019-8320"
},
{
"cve": "CVE-2019-8321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8321"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8321",
"url": "https://www.suse.com/security/cve/CVE-2019-8321"
},
{
"category": "external",
"summary": "SUSE Bug 1130623 for CVE-2019-8321",
"url": "https://bugzilla.suse.com/1130623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "important"
}
],
"title": "CVE-2019-8321"
},
{
"cve": "CVE-2019-8322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8322"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8322",
"url": "https://www.suse.com/security/cve/CVE-2019-8322"
},
{
"category": "external",
"summary": "SUSE Bug 1130622 for CVE-2019-8322",
"url": "https://bugzilla.suse.com/1130622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "important"
}
],
"title": "CVE-2019-8322"
},
{
"cve": "CVE-2019-8323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8323"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8323",
"url": "https://www.suse.com/security/cve/CVE-2019-8323"
},
{
"category": "external",
"summary": "SUSE Bug 1130620 for CVE-2019-8323",
"url": "https://bugzilla.suse.com/1130620"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "important"
}
],
"title": "CVE-2019-8323"
},
{
"cve": "CVE-2019-8324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8324"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8324",
"url": "https://www.suse.com/security/cve/CVE-2019-8324"
},
{
"category": "external",
"summary": "SUSE Bug 1130617 for CVE-2019-8324",
"url": "https://bugzilla.suse.com/1130617"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "important"
}
],
"title": "CVE-2019-8324"
},
{
"cve": "CVE-2019-8325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8325"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8325",
"url": "https://www.suse.com/security/cve/CVE-2019-8325"
},
{
"category": "external",
"summary": "SUSE Bug 1130611 for CVE-2019-8325",
"url": "https://bugzilla.suse.com/1130611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libruby2_5-2_5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-devel-extra-2.5.5-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:ruby2.5-stdlib-2.5.5-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-10T08:40:49Z",
"details": "important"
}
],
"title": "CVE-2019-8325"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…