RLSA-2022:5338

Published: 28 Jun 2022
Source: rocky
Severity: Moderate

Description

Moderate: ruby:2.6 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.6.10). (BZ#2089374)

Security Fix(es):

  • Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| ruby | x86_64 | 109.module+el8.6.0+988+8031c193 | ruby-2.6.10-109.module+el8.6.0+988+8031c193.x86_64.rpm |
| ruby-devel | x86_64 | 109.module+el8.6.0+988+8031c193 | ruby-devel-2.6.10-109.module+el8.6.0+988+8031c193.x86_64.rpm |
| ruby-doc | noarch | 109.module+el8.6.0+988+8031c193 | ruby-doc-2.6.10-109.module+el8.6.0+988+8031c193.noarch.rpm |
| rubygem-abrt | noarch | 4.module+el8.5.0+738+032c9c02 | rubygem-abrt-0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm |
| rubygem-abrt-doc | noarch | 4.module+el8.5.0+738+032c9c02 | rubygem-abrt-doc-0.3.0-4.module+el8.5.0+738+032c9c02.noarch.rpm |
| rubygem-bigdecimal | x86_64 | 109.module+el8.6.0+988+8031c193 | rubygem-bigdecimal-1.4.1-109.module+el8.6.0+988+8031c193.x86_64.rpm |
| rubygem-bson | x86_64 | 1.module+el8.4.0+593+8d7f9f0c | rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm |
| rubygem-bson-doc | noarch | 1.module+el8.4.0+593+8d7f9f0c | rubygem-bson-doc-4.5.0-1.module+el8.4.0+593+8d7f9f0c.noarch.rpm |
| rubygem-bundler | noarch | 109.module+el8.6.0+988+8031c193 | rubygem-bundler-1.17.2-109.module+el8.6.0+988+8031c193.noarch.rpm |
| rubygem-did_you_mean | noarch | 109.module+el8.6.0+988+8031c193 | rubygem-did_you_mean-1.3.0-109.module+el8.6.0+988+8031c193.noarch.rpm |

Related CVEs

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 3 years ago

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

CVSS3: 6.2
redhat
about 3 years ago

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

CVSS3: 7.5
nvd
about 3 years ago

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

CVSS3: 7.5
msrc
about 3 years ago

No description available

CVSS3: 7.5
debian
about 3 years ago

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...