This update for ruby2.1 fixes the following issues:
Security issues fixed:
CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command (bsc#1043983).
CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265).
CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755).
CVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286).
CVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286).
CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286).
CVE-2017-0902: Fixed an issue with malicious gem specifications, that could have enabled MITM attacks against clients (bsc#1056286).
CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452).
CVE-2017-9228: Fixed a heap out-of-bounds write in bitsetsetrange() during regex compilation (bsc#1069607).
CVE-2017-9229: Fixed an invalid pointer dereference in leftadjustchar_head() in oniguruma (bsc#1069632).
CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754).
CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757).
CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782).
CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002).
CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434).
CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782).
CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441).
CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436).
CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433).
CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440).
CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437).
CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530).
CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532).
CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007).
CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008).
CVE-2018-1000075: Fixed an infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014).
CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009).
CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010).
CVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011).
CVE-2018-1000079: Fixed a path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058).
CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627).
CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623).
CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622).
CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620).
CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617).
CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611).
CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994).
CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995).
CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992).
CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990).
CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517).
Non-security issue fixed:
Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072).
Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275)