exploitDog

RLSA-2022:6585

Published: 20 Sep 2022
Source: rocky
Rating: Moderate

Description

Moderate: ruby security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109428)

Security Fix(es):

  • Ruby: Double free in Regexp compilation (CVE-2022-28738)

  • Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 9

| Name | Architecture | Release | RPM |
|---|---|---|---|
| ruby | x86_64 | 160.el9_0 | ruby-3.0.4-160.el9_0.x86_64.rpm |
| ruby-default-gems | noarch | 160.el9_0 | ruby-default-gems-3.0.4-160.el9_0.noarch.rpm |
| ruby-devel | x86_64 | 160.el9_0 | ruby-devel-3.0.4-160.el9_0.x86_64.rpm |
| rubygem-bigdecimal | x86_64 | 160.el9_0 | rubygem-bigdecimal-3.0.0-160.el9_0.x86_64.rpm |
| rubygem-bundler | noarch | 160.el9_0 | rubygem-bundler-2.2.33-160.el9_0.noarch.rpm |
| rubygem-io-console | x86_64 | 160.el9_0 | rubygem-io-console-0.5.7-160.el9_0.x86_64.rpm |
| rubygem-irb | noarch | 160.el9_0 | rubygem-irb-1.3.5-160.el9_0.noarch.rpm |
| rubygem-json | x86_64 | 160.el9_0 | rubygem-json-2.5.1-160.el9_0.x86_64.rpm |
| rubygem-minitest | noarch | 160.el9_0 | rubygem-minitest-5.14.2-160.el9_0.noarch.rpm |
| rubygem-power_assert | noarch | 160.el9_0 | rubygem-power_assert-1.2.0-160.el9_0.noarch.rpm |

Related vulnerabilities

oracle-oval
more than 2 years ago

ELSA-2022-6585: ruby security, bug fix, and enhancement update (MODERATE)

redos
about 3 years ago

Multiple vulnerabilities in Ruby

rocky
almost 3 years ago

Moderate: ruby:3.0 security, bug fix, and enhancement update

oracle-oval
almost 3 years ago

ELSA-2022-6450: ruby:3.0 security, bug fix, and enhancement update (MODERATE)

CVSS3: 9.8
ubuntu
about 3 years ago

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.