libruby2_7-2_7-2.7.5-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11657 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libruby2_7-2_7-2.7.5-1.1 on GA media These are all security issues fixed in the libruby2_7-2_7-2.7.5-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11657 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11657 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-41816/ SUSE CVE CVE-2021-41816 page https://www.suse.com/security/cve/CVE-2021-41817/ SUSE CVE CVE-2021-41817 page https://www.suse.com/security/cve/CVE-2021-41819/ SUSE CVE CVE-2021-41819 page openSUSE Tumbleweed libruby2_7-2_7-2.7.5-1.1 ruby2.7-2.7.5-1.1 ruby2.7-devel-2.7.5-1.1 ruby2.7-devel-extra-2.7.5-1.1 ruby2.7-doc-2.7.5-1.1 ruby2.7-doc-ri-2.7.5-1.1 libruby2_7-2_7-2.7.5-1.1 as a component of openSUSE Tumbleweed ruby2.7-2.7.5-1.1 as a component of openSUSE Tumbleweed ruby2.7-devel-2.7.5-1.1 as a component of openSUSE Tumbleweed ruby2.7-devel-extra-2.7.5-1.1 as a component of openSUSE Tumbleweed ruby2.7-doc-2.7.5-1.1 as a component of openSUSE Tumbleweed ruby2.7-doc-ri-2.7.5-1.1 as a component of openSUSE Tumbleweed CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. CVE-2021-41816 openSUSE Tumbleweed:libruby2_7-2_7-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-devel-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-devel-extra-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-doc-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-doc-ri-2.7.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-41816.html CVE-2021-41816 https://bugzilla.suse.com/1193080 SUSE Bug 1193080 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. CVE-2021-41817 openSUSE Tumbleweed:libruby2_7-2_7-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-devel-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-devel-extra-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-doc-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-doc-ri-2.7.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-41817.html CVE-2021-41817 https://bugzilla.suse.com/1193035 SUSE Bug 1193035 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. CVE-2021-41819 openSUSE Tumbleweed:libruby2_7-2_7-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-devel-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-devel-extra-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-doc-2.7.5-1.1 openSUSE Tumbleweed:ruby2.7-doc-ri-2.7.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-41819.html CVE-2021-41819 https://bugzilla.suse.com/1193081 SUSE Bug 1193081