Security update for ruby19

SUSE Security Update: Security update for ruby19
Announcement ID: SUSE-SU-2015:1889-1
Rating: moderate
References: #926974 #939860
Affected Products:
  • SUSE Studio Onsite 1.3

  • An update that fixes two vulnerabilities is now available.

    Description:

    ruby19 was updated to fix two security issues.

    The following vulnerabilities were fixed:

    * CVE-2015-1855: Ruby OpenSSL hostname verification was too permissive
    (bsc#926974).
    * CVE-2009-5147: DL::dlopen could have loaded a library with tainted
    library name even if $SAFE > 0 (bsc#939860).

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-ruby19-12180=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Studio Onsite 1.3 (x86_64):
      • ruby19-1.9.3.p392-0.23.1
      • ruby19-devel-1.9.3.p392-0.23.1
      • ruby19-devel-extra-1.9.3.p392-0.23.1

    References: