View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-2337 severity moderate: SUSE including 7 source package names (ruby, ruby-devel, …), 16 product×package rows across 6 product lines (SUSE Lifecycle Management Server 1.3, SUSE Linux Enterprise Server 11 SP1 for Teradata, … (6 product lines)): Known Not Affected 16.
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.