rpm package
suse/yast2-ruby-bindings&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/yast2-ruby-bindings&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (42)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-7798 | Hig | 7.5 | < 3.1.53-9.8.1 | 3.1.53-9.8.1 | Jan 30, 2017 | The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | |
| CVE-2016-2339 | Cri | 9.8 | < 3.1.53-9.8.1 | 3.1.53-9.8.1 | Jan 6, 2017 | An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of |
- affected < 3.1.53-9.8.1fixed 3.1.53-9.8.1
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
- affected < 3.1.53-9.8.1fixed 3.1.53-9.8.1
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of
Page 3 of 3