SUSE-SU-2022:4015-1

Details

This update for rubygem-nokogiri fixes the following issues:

CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408)
CVE-2022-29181: Fixes Improper Handling of Unexpected Data Typesi. (bsc#1199782)

Affected Packages

SUSE:Linux Enterprise High Availability Extension 15ruby2.5-rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

SUSE:Linux Enterprise High Availability Extension 15rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

SUSE:Linux Enterprise High Availability Extension 15 SP1ruby2.5-rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

SUSE:Linux Enterprise High Availability Extension 15 SP1rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

SUSE:Linux Enterprise High Availability Extension 15 SP2ruby2.5-rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

SUSE:Linux Enterprise High Availability Extension 15 SP2rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

SUSE:Linux Enterprise Module for Basesystem 15 SP3ruby2.5-rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

SUSE:Linux Enterprise Module for Basesystem 15 SP3rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

openSUSE:Leap 15.3ruby2.5-rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

openSUSE:Leap 15.3ruby2.5-rubygem-nokogiri-doc

Fixed in:

1.8.5-150000.3.9.1

openSUSE:Leap 15.3ruby2.5-rubygem-nokogiri-testsuite

Fixed in:

1.8.5-150000.3.9.1

openSUSE:Leap 15.3rubygem-nokogiri

Fixed in:

1.8.5-150000.3.9.1

References

REPORThttps://bugzilla.suse.com/1198408 REPORThttps://bugzilla.suse.com/1199782 WEBhttps://www.suse.com/security/cve/CVE-2022-24836 WEBhttps://www.suse.com/security/cve/CVE-2022-29181 ADVISORYhttps://www.suse.com/support/update/announcement/2022/suse-su-20224015-1/

SUSE-SU-2022:4015-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline