SUSE-SU-2022:2592-1

Details

Description of the patch:

This update for rubygem-tzinfo fixes the following issues:

CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files (bsc#1201835).

Affected Packages

ruby2.5-rubygem-tzinfo

SUSE Linux Enterprise High Availability Extension 15SUSE Linux Enterprise High Availability Extension 15 SP1SUSE Linux Enterprise High Availability Extension 15 SP2SUSE Linux Enterprise High Availability Extension 15 SP3SUSE Linux Enterprise High Availability Extension 15 SP4

Fixed in:

1.2.4-150000.3.3.1

ruby2.5-rubygem-tzinfo-doc

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

1.2.4-150000.3.3.1

ruby2.5-rubygem-tzinfo-testsuite

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

1.2.4-150000.3.3.1

References

ADVISORY