Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202215121HistoryMay 03, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:1512-1)
2022-05-0300:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
12
suse-su-2022:1512-1
ruby2.5
cve-2022-28739
cve-2021-41817
cve-2021-32066
buffer overrun
regular expression denial of service
starttls stripping vulnerability
trusting ftp pasv responses vulnerability
command injection
suse caas platform 4.0
suse enterprise storage 6
suse enterprise storage 7
suse linux enterprise high performance computing 15
suse linux enterprise micro 5.0
suse linux enterprise module for basesystem 15-sp3
suse linux enterprise realtime extension 15-sp2
suse linux enterprise server 15
suse manager proxy 4.1
vendorfix
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.3
Confidence
High
EPSS
0.01
Percentile
83.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.1512.1");
script_cve_id("CVE-2021-31799", "CVE-2021-31810", "CVE-2021-32066", "CVE-2021-41817", "CVE-2022-28739");
script_tag(name:"creation_date", value:"2022-05-03 20:12:37 +0000 (Tue, 03 May 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-05-19 14:55:37 +0000 (Thu, 19 May 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:1512-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP3|SLES15\.0SP4|SLES15\.0|SLES15\.0SP1|SLES15\.0SP2)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:1512-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20221512-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'ruby2.5' package(s) announced via the SUSE-SU-2022:1512-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for ruby2.5 fixes the following issues:
CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion
(bsc#1198441).
CVE-2021-41817: Fixed a regular expression denial of service in Date
Parsing Methods (bsc#1193035).
CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP
(bsc#1188160).
CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in
Net:FTP (bsc#1188161).
CVE-2021-31799: Fixed a command injection vulnerability in RDoc
(bsc#1190375).");
script_tag(name:"affected", value:"'ruby2.5' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise High Performance Computing 15-SP2, SUSE Linux Enterprise Micro 5.0, SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise Module for Basesystem 15-SP4, SUSE Linux Enterprise Realtime Extension 15-SP2, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server 15-SP2, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Linux Enterprise Server for SAP 15-SP2, SUSE Manager Proxy 4.1, SUSE Manager Retail Branch Server 4.1, SUSE Manager Server 4.1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5", rpm:"libruby2_5-2_5~2.5.9~150000.4.23.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5-debuginfo", rpm:"libruby2_5-2_5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5", rpm:"ruby2.5~2.5.9~150000.4.23.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debuginfo", rpm:"ruby2.5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debugsource", rpm:"ruby2.5-debugsource~2.5.9~150000.4.23.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel", rpm:"ruby2.5-devel~2.5.9~150000.4.23.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel-extra", rpm:"ruby2.5-devel-extra~2.5.9~150000.4.23.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib", rpm:"ruby2.5-stdlib~2.5.9~150000.4.23.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib-debuginfo", rpm:"ruby2.5-stdlib-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5", rpm:"libruby2_5-2_5~2.5.9~150000.4.23.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5-debuginfo", rpm:"libruby2_5-2_5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5", rpm:"ruby2.5~2.5.9~150000.4.23.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debuginfo", rpm:"ruby2.5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debugsource", rpm:"ruby2.5-debugsource~2.5.9~150000.4.23.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel", rpm:"ruby2.5-devel~2.5.9~150000.4.23.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel-extra", rpm:"ruby2.5-devel-extra~2.5.9~150000.4.23.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib", rpm:"ruby2.5-stdlib~2.5.9~150000.4.23.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib-debuginfo", rpm:"ruby2.5-stdlib-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0") {
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5", rpm:"libruby2_5-2_5~2.5.9~150000.4.23.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5-debuginfo", rpm:"libruby2_5-2_5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5", rpm:"ruby2.5~2.5.9~150000.4.23.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debuginfo", rpm:"ruby2.5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debugsource", rpm:"ruby2.5-debugsource~2.5.9~150000.4.23.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel", rpm:"ruby2.5-devel~2.5.9~150000.4.23.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel-extra", rpm:"ruby2.5-devel-extra~2.5.9~150000.4.23.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib", rpm:"ruby2.5-stdlib~2.5.9~150000.4.23.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib-debuginfo", rpm:"ruby2.5-stdlib-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5", rpm:"libruby2_5-2_5~2.5.9~150000.4.23.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5-debuginfo", rpm:"libruby2_5-2_5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5", rpm:"ruby2.5~2.5.9~150000.4.23.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debuginfo", rpm:"ruby2.5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debugsource", rpm:"ruby2.5-debugsource~2.5.9~150000.4.23.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel", rpm:"ruby2.5-devel~2.5.9~150000.4.23.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel-extra", rpm:"ruby2.5-devel-extra~2.5.9~150000.4.23.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib", rpm:"ruby2.5-stdlib~2.5.9~150000.4.23.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib-debuginfo", rpm:"ruby2.5-stdlib-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5", rpm:"libruby2_5-2_5~2.5.9~150000.4.23.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libruby2_5-2_5-debuginfo", rpm:"libruby2_5-2_5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5", rpm:"ruby2.5~2.5.9~150000.4.23.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debuginfo", rpm:"ruby2.5-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-debugsource", rpm:"ruby2.5-debugsource~2.5.9~150000.4.23.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel", rpm:"ruby2.5-devel~2.5.9~150000.4.23.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-devel-extra", rpm:"ruby2.5-devel-extra~2.5.9~150000.4.23.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib", rpm:"ruby2.5-stdlib~2.5.9~150000.4.23.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby2.5-stdlib-debuginfo", rpm:"ruby2.5-stdlib-debuginfo~2.5.9~150000.4.23.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
suse
suse
Security update for ruby2.5 (important)
2022-05-03 00:00:00
Security update for ruby2.5 (important)
2021-12-06 00:00:00
Security update for ruby2.5 (important)
2021-12-01 00:00:00
openvas
openvas
openSUSE: Security Advisory for ruby2.5 (SUSE-SU-2022:1512-1)
2022-05-17 00:00:00
Debian: Security Advisory (DLA-2780-1)
2021-10-14 00:00:00
Ubuntu: Security Advisory (USN-5020-1)
2021-07-22 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2022:1512-1)
2022-05-04 00:00:00
FreeBSD : Ruby -- multiple vulnerabilities (7ed5779c-e4c7-11eb-91d7-08002728f74c)
2021-07-16 00:00:00
CentOS 8 : ruby:2.5 (CESA-2022:0672)
2022-02-25 00:00:00
osv
osv
ruby2.3 - security update
2021-10-11 00:00:00
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
libruby3_0-3_0-3.0.2-1.1 on GA media
2024-06-15 00:00:00
debian
debian
[SECURITY] [DLA 2780-1] ruby2.3 security update
2021-10-13 14:12:23
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:40
redhat
redhat
(RHSA-2022:0672) Moderate: ruby:2.5 security update
2022-02-24 15:11:44
(RHSA-2022:0543) Important: ruby:2.6 security update
2022-02-16 08:26:13
(RHSA-2022:0544) Important: ruby:2.6 security update
2022-02-16 08:27:10
oraclelinux
oraclelinux
ruby:2.5 security update
2022-02-28 00:00:00
ruby:2.5 security update
2022-03-08 00:00:00
ruby:2.6 security update
2022-02-16 00:00:00
rocky
rocky
ruby:2.5 security update
2022-02-24 15:11:44
ruby:2.6 security update
2022-02-16 08:26:13
ruby:2.7 security update
2021-08-05 14:06:16
cloudfoundry
cloudfoundry
USN-5020-1: Ruby vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
archlinux
archlinux
[ASA-202107-25] ruby2.6: multiple issues
2021-07-14 00:00:00
[ASA-202107-23] ruby: multiple issues
2021-07-14 00:00:00
[ASA-202107-24] ruby2.7: multiple issues
2021-07-14 00:00:00
freebsd
freebsd
Ruby -- multiple vulnerabilities
2021-07-07 00:00:00
almalinux
almalinux
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
Important: ruby:2.6 security update
2022-02-16 08:26:13
Important: ruby:2.7 security update
2021-08-05 14:06:16
ubuntu
ubuntu
Ruby vulnerabilities
2021-07-21 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: ruby-3.0.2-149.fc34
2021-07-29 01:09:21
[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35
2022-05-08 01:48:39
[SECURITY] Fedora 34 Update: ruby-3.0.4-153.fc34
2022-05-08 02:03:44
redos
redos
ROS-20240723-03
2024-07-23 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
cnvd
cnvd
Ruby Information Disclosure Vulnerability (CNVD-2021-59129)
2021-07-12 00:00:00
debiancve
debiancve
prion
prion
Code injection
2021-08-01 19:15:00
Design/Logic Flaw
2022-01-01 05:15:00
ubuntucve
ubuntucve
photon
photon
Important Photon OS Security Update - PHSA-2021-0084
2021-08-20 00:00:00
hackerone
hackerone
nvd
nvd
CVE-2021-31799
2021-07-30 14:15:16
CVE-2021-32066
2021-08-01 19:15:07
veracode
veracode
Denial Of Service (DoS)
2021-07-11 15:57:38
Denial Of Service (DoS)
2021-07-11 16:10:12
Regular Expression Denial Of Service (ReDoS)
2021-11-17 06:57:56
github
github
Arbitrary Code Execution in Rdoc
2021-09-01 18:53:15
alpinelinux
alpinelinux
amazon
amazon
cve
cve
f5
f5
K30272432 : RubyGems vulnerability CVE-2021-41817
2022-06-01 00:00:00
cvelist
cvelist
CVE-2021-41817
2022-01-01 00:00:00
redhatcve
redhatcve
cbl_mariner
cbl_mariner
CVE-2022-28739 affecting package ruby 2.6.9-1
2022-06-15 17:03:10
rubygems
rubygems
Regular Expression Denial of Service Vulnerability of Date Parsing Methods
2021-11-14 21:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.3
Confidence
High
EPSS
0.01
Percentile
83.9%
Related for OPENVAS:13614125623114202215121