Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for ruby2.1

This ruby2.1 update to version 2.1.9 fixes the following issues:

Security issues fixed:
- CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" (bsc#1018808)
- CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)
- CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032)
- CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of
hostnames (bsc#926974)
- CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877)

Bugfixes:
- SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863)
- Segmentation fault after pack & ioctl & unpack (bsc#909695)
- Ruby:HTTP Header injection in 'net/http' (bsc#986630)

ChangeLog:
- http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1014863
SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly
bnc#1018808
VUL-0: CVE-2016-2339: ruby19,ruby: heap overflow vulnerability in the Fiddle::Function.new"initialize"
bnc#887877
VUL-1: CVE-2014-4975: ruby20: off-by-one stack-based buffer overflow in the encodes() function
bnc#909695
segmentation fault after pack & ioctl & unpack
bnc#926974
VUL-0: CVE-2015-1855: ruby: Ruby OpenSSL Hostname Verification
bnc#936032
VUL-0: CVE-2015-3900: ruby,ruby19,ruby2.1: RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 doesnot validate the hostn...
bnc#959495
VUL-0: CVE-2015-7551: ruby19,ruby: Unsafe tainted string usage in Fiddle and DL
bnc#986630
VUL-0: ruby19,ruby: Ruby:HTTP Header injection in 'net/http'
CVE-2016-2339
CVE-2014-4975
CVE-2015-1855
CVE-2015-3900
CVE-2015-7551
Selected Binaries
openSUSE Build Service is sponsored by
Places