Bugzilla – Bug 1193035
VUL-0: CVE-2021-41817: ruby2.1, ruby2.5, ruby2.7, ruby3.0: Regular Expression Denial of Service Vulnerability of Date Parsing Methods
Last modified: 2023-01-12 04:29:16 UTC
rh#2025104

Date’s parsing methods, including Date.parse, use Regexps internally, some of which are vulnerable to regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected.

Upstream commit:
https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0

References:
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/date/CVE-2021-41817.yml
https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2025104
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41817
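As an added example (not code from this bug report, the date gem or the upstream commit), two defensive wrappers an application can put in front of date parsing of untrusted input: a strict path that uses Date.strptime with explicit formats so the heuristic regexps in Date.parse never run, and a bounded path that rejects oversized strings before handing them to Date.parse. The 128-character cap and the accepted formats are assumptions chosen for illustration, not values taken from this report.

```ruby
require "date"

# Assumed upper bound on input length handed to Date.parse. Deliberately
# generous: no legitimate date string comes anywhere near it, while the
# cost of a pathological regexp match grows with input length.
DATE_INPUT_LIMIT = 128

# Raised for any untrusted input we refuse to hand to the parser.
class UntrustedDateError < ArgumentError; end

# Strict path: accept only the formats the application actually expects.
# Date.strptime matches a fixed pattern instead of trying the heuristic
# regexps that Date.parse uses, so it is the preferred choice for untrusted
# input. Date::Error (date >= 3.0) is a subclass of ArgumentError, so
# rescuing ArgumentError works across date gem versions.
def parse_date_strict(str, formats = ["%Y-%m-%d", "%d %b %Y"])
  formats.each do |fmt|
    begin
      return Date.strptime(str, fmt)
    rescue ArgumentError
      next # try the next accepted format
    end
  end
  raise UntrustedDateError, "date does not match an accepted format"
end

# Bounded path: when heuristic parsing is unavoidable, reject oversized
# input with an O(1) length check before any regexp runs, and normalise
# parser failures into our own error type.
def parse_date_bounded(str, limit: DATE_INPUT_LIMIT)
  if str.length > limit
    raise UntrustedDateError, "date string too long (#{str.length} > #{limit})"
  end
  begin
    Date.parse(str)
  rescue ArgumentError => e
    raise UntrustedDateError, "unparseable date: #{e.message}"
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs: one well-formed date and one oversized string.
  puts parse_date_strict("2021-11-15")          # 2021-11-15
  puts parse_date_bounded("15 Nov 2021")        # 2021-11-15
  begin
    parse_date_bounded("1" * 300)
  rescue UntrustedDateError => e
    puts "rejected: #{e.message}"
  end
end
```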
Affected codestreams:
ruby2.1 - SUSE:SLE-12:Update 2.1.9-18.1
ruby2.5 - SUSE:SLE-15:Update 2.5.9
        - openSUSE:Leap:15.2:Update 2.5.9
ruby2.7 - openSUSE:Factory 2.7.4
ruby3.0 - openSUSE:Factory 3.0.2
This is an autogenerated message for OBS integration:
This bug (1193035) was mentioned in
https://build.opensuse.org/request/show/933749 Factory / ruby3.0
https://build.opensuse.org/request/show/933750 Factory / ruby2.7
SUSE-SU-2022:1512-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1188160,1188161,1190375,1193035,1198441
CVE References: CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): ruby2.5-2.5.9-150000.4.23.1
openSUSE Leap 15.3 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Manager Server 4.1 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Manager Retail Branch Server 4.1 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Manager Proxy 4.1 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Server for SAP 15 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Server 15-SP2-BCL (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Server 15-LTSS (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise Micro 5.0 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Enterprise Storage 7 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE Enterprise Storage 6 (src): ruby2.5-2.5.9-150000.4.23.1
SUSE CaaS Platform 4.0 (src): ruby2.5-2.5.9-150000.4.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.