ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10549-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media These are all security issues fixed in the ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10549 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2013-2877/ SUSE CVE CVE-2013-2877 page https://www.suse.com/security/cve/CVE-2014-0191/ SUSE CVE CVE-2014-0191 page https://www.suse.com/security/cve/CVE-2015-1819/ SUSE CVE CVE-2015-1819 page https://www.suse.com/security/cve/CVE-2015-5312/ SUSE CVE CVE-2015-5312 page https://www.suse.com/security/cve/CVE-2015-7497/ SUSE CVE CVE-2015-7497 page https://www.suse.com/security/cve/CVE-2015-7498/ SUSE CVE CVE-2015-7498 page https://www.suse.com/security/cve/CVE-2015-7499/ SUSE CVE CVE-2015-7499 page https://www.suse.com/security/cve/CVE-2015-7500/ SUSE CVE CVE-2015-7500 page https://www.suse.com/security/cve/CVE-2015-7941/ SUSE CVE CVE-2015-7941 page https://www.suse.com/security/cve/CVE-2015-7942/ SUSE CVE CVE-2015-7942 page https://www.suse.com/security/cve/CVE-2015-7995/ SUSE CVE CVE-2015-7995 page https://www.suse.com/security/cve/CVE-2015-8035/ SUSE CVE CVE-2015-8035 page https://www.suse.com/security/cve/CVE-2015-8241/ SUSE CVE CVE-2015-8241 page https://www.suse.com/security/cve/CVE-2015-8242/ SUSE CVE CVE-2015-8242 page https://www.suse.com/security/cve/CVE-2015-8317/ SUSE CVE CVE-2015-8317 page openSUSE Tumbleweed ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 as a component of openSUSE Tumbleweed ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 as a component of openSUSE Tumbleweed ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 as a component of openSUSE Tumbleweed ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 as a component of openSUSE Tumbleweed ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 as a component of openSUSE Tumbleweed ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 as a component of openSUSE Tumbleweed parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. CVE-2013-2877 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2877.html CVE-2013-2877 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/828893 SUSE Bug 828893 https://bugzilla.suse.com/829077 SUSE Bug 829077 https://bugzilla.suse.com/854869 SUSE Bug 854869 https://bugzilla.suse.com/877506 SUSE Bug 877506 The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. CVE-2014-0191 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0191.html CVE-2014-0191 https://bugzilla.suse.com/1014873 SUSE Bug 1014873 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/876652 SUSE Bug 876652 https://bugzilla.suse.com/877506 SUSE Bug 877506 https://bugzilla.suse.com/996079 SUSE Bug 996079 The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. CVE-2015-1819 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1819.html CVE-2015-1819 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/928193 SUSE Bug 928193 https://bugzilla.suse.com/969769 SUSE Bug 969769 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. CVE-2015-5312 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5312.html CVE-2015-5312 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/957105 SUSE Bug 957105 https://bugzilla.suse.com/959469 SUSE Bug 959469 https://bugzilla.suse.com/969769 SUSE Bug 969769 Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. CVE-2015-7497 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7497.html CVE-2015-7497 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/957106 SUSE Bug 957106 https://bugzilla.suse.com/959469 SUSE Bug 959469 https://bugzilla.suse.com/969769 SUSE Bug 969769 Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. CVE-2015-7498 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7498.html CVE-2015-7498 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/957107 SUSE Bug 957107 https://bugzilla.suse.com/959469 SUSE Bug 959469 https://bugzilla.suse.com/969769 SUSE Bug 969769 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. CVE-2015-7499 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7499.html CVE-2015-7499 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/957109 SUSE Bug 957109 https://bugzilla.suse.com/959469 SUSE Bug 959469 https://bugzilla.suse.com/969769 SUSE Bug 969769 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. CVE-2015-7500 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7500.html CVE-2015-7500 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/957110 SUSE Bug 957110 https://bugzilla.suse.com/959469 SUSE Bug 959469 https://bugzilla.suse.com/969769 SUSE Bug 969769 libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. CVE-2015-7941 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7941.html CVE-2015-7941 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/951734 SUSE Bug 951734 https://bugzilla.suse.com/951735 SUSE Bug 951735 https://bugzilla.suse.com/969769 SUSE Bug 969769 The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. CVE-2015-7942 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7942.html CVE-2015-7942 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/951735 SUSE Bug 951735 https://bugzilla.suse.com/969769 SUSE Bug 969769 The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. CVE-2015-7995 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7995.html CVE-2015-7995 https://bugzilla.suse.com/1123130 SUSE Bug 1123130 https://bugzilla.suse.com/952474 SUSE Bug 952474 The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. CVE-2015-8035 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8035.html CVE-2015-8035 https://bugzilla.suse.com/1088279 SUSE Bug 1088279 https://bugzilla.suse.com/1105166 SUSE Bug 1105166 https://bugzilla.suse.com/954429 SUSE Bug 954429 The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. CVE-2015-8241 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8241.html CVE-2015-8241 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/956018 SUSE Bug 956018 https://bugzilla.suse.com/959469 SUSE Bug 959469 https://bugzilla.suse.com/969769 SUSE Bug 969769 The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. CVE-2015-8242 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8242.html CVE-2015-8242 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/956021 SUSE Bug 956021 https://bugzilla.suse.com/959469 SUSE Bug 959469 https://bugzilla.suse.com/969769 SUSE Bug 969769 The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. CVE-2015-8317 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3 openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8317.html CVE-2015-8317 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 https://bugzilla.suse.com/956260 SUSE Bug 956260 https://bugzilla.suse.com/959469 SUSE Bug 959469 https://bugzilla.suse.com/969769 SUSE Bug 969769