Security update for rubygem-activejob-5_1 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3996-1 Final 1 1 2018-12-06T08:40:08Z current 2018-12-06T08:40:08Z 2018-12-06T08:40:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for rubygem-activejob-5_1 This update for rubygem-activejob-5_1 fixes the following issues: Security issue fixed: - CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Development-Tools-OBS-15-2018-2857,SUSE-SLE-Product-HA-15-2018-2857 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183996-1/ Link for SUSE-SU-2018:3996-1 https://lists.suse.com/pipermail/sle-security-updates/2018-December/004926.html E-Mail link for SUSE-SU-2018:3996-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1117632 SUSE Bug 1117632 https://www.suse.com/security/cve/CVE-2018-16476/ SUSE CVE CVE-2018-16476 page SUSE Linux Enterprise High Availability Extension 15 ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1 ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1 as a component of SUSE Linux Enterprise High Availability Extension 15 A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. CVE-2018-16476 SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-activejob-5_1-5.1.4-3.3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183996-1/ https://www.suse.com/security/cve/CVE-2018-16476.html CVE-2018-16476 https://bugzilla.suse.com/1117632 SUSE Bug 1117632 https://bugzilla.suse.com/1129268 SUSE Bug 1129268