ID

VAR-202204-0855


CVE

CVE-2022-28739


TITLE

Ruby Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

DESCRIPTION

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

7) - noarch, x86_64

3. Bug Fix(es):

* rh-ruby30 ruby: User-installed rubygems plugins are not being loaded (BZ#2128629)

4.

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby security, bug fix, and enhancement update
Advisory ID: RHSA-2022:6585-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6585
Issue date: 2022-09-20
CVE Names: CVE-2022-28738 CVE-2022-28739
====================================================================

1. Summary:

An update for ruby is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - noarch
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109428)

Security Fix(es):

* Ruby: Double free in Regexp compilation (CVE-2022-28738)
* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation
2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion
2109428 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-9] [rhel-9.0.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
ruby-3.0.4-160.el9_0.src.rpm

aarch64:
ruby-3.0.4-160.el9_0.aarch64.rpm
ruby-debuginfo-3.0.4-160.el9_0.aarch64.rpm
ruby-debugsource-3.0.4-160.el9_0.aarch64.rpm
ruby-devel-3.0.4-160.el9_0.aarch64.rpm
ruby-libs-3.0.4-160.el9_0.aarch64.rpm
ruby-libs-debuginfo-3.0.4-160.el9_0.aarch64.rpm
rubygem-bigdecimal-3.0.0-160.el9_0.aarch64.rpm
rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.aarch64.rpm
rubygem-io-console-0.5.7-160.el9_0.aarch64.rpm
rubygem-io-console-debuginfo-0.5.7-160.el9_0.aarch64.rpm
rubygem-json-2.5.1-160.el9_0.aarch64.rpm
rubygem-json-debuginfo-2.5.1-160.el9_0.aarch64.rpm
rubygem-psych-3.3.2-160.el9_0.aarch64.rpm
rubygem-psych-debuginfo-3.3.2-160.el9_0.aarch64.rpm

noarch:
ruby-default-gems-3.0.4-160.el9_0.noarch.rpm
rubygem-bundler-2.2.33-160.el9_0.noarch.rpm
rubygem-irb-1.3.5-160.el9_0.noarch.rpm
rubygem-minitest-5.14.2-160.el9_0.noarch.rpm
rubygem-power_assert-1.2.0-160.el9_0.noarch.rpm
rubygem-rake-13.0.3-160.el9_0.noarch.rpm
rubygem-rbs-1.4.0-160.el9_0.noarch.rpm
rubygem-rdoc-6.3.3-160.el9_0.noarch.rpm
rubygem-rexml-3.2.5-160.el9_0.noarch.rpm
rubygem-rss-0.2.9-160.el9_0.noarch.rpm
rubygem-test-unit-3.3.7-160.el9_0.noarch.rpm
rubygem-typeprof-0.15.2-160.el9_0.noarch.rpm
rubygems-3.2.33-160.el9_0.noarch.rpm
rubygems-devel-3.2.33-160.el9_0.noarch.rpm

ppc64le:
ruby-3.0.4-160.el9_0.ppc64le.rpm
ruby-debuginfo-3.0.4-160.el9_0.ppc64le.rpm
ruby-debugsource-3.0.4-160.el9_0.ppc64le.rpm
ruby-devel-3.0.4-160.el9_0.ppc64le.rpm
ruby-libs-3.0.4-160.el9_0.ppc64le.rpm
ruby-libs-debuginfo-3.0.4-160.el9_0.ppc64le.rpm
rubygem-bigdecimal-3.0.0-160.el9_0.ppc64le.rpm
rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.ppc64le.rpm
rubygem-io-console-0.5.7-160.el9_0.ppc64le.rpm
rubygem-io-console-debuginfo-0.5.7-160.el9_0.ppc64le.rpm
rubygem-json-2.5.1-160.el9_0.ppc64le.rpm
rubygem-json-debuginfo-2.5.1-160.el9_0.ppc64le.rpm
rubygem-psych-3.3.2-160.el9_0.ppc64le.rpm
rubygem-psych-debuginfo-3.3.2-160.el9_0.ppc64le.rpm

s390x:
ruby-3.0.4-160.el9_0.s390x.rpm
ruby-debuginfo-3.0.4-160.el9_0.s390x.rpm
ruby-debugsource-3.0.4-160.el9_0.s390x.rpm
ruby-devel-3.0.4-160.el9_0.s390x.rpm
ruby-libs-3.0.4-160.el9_0.s390x.rpm
ruby-libs-debuginfo-3.0.4-160.el9_0.s390x.rpm
rubygem-bigdecimal-3.0.0-160.el9_0.s390x.rpm
rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.s390x.rpm
rubygem-io-console-0.5.7-160.el9_0.s390x.rpm
rubygem-io-console-debuginfo-0.5.7-160.el9_0.s390x.rpm
rubygem-json-2.5.1-160.el9_0.s390x.rpm
rubygem-json-debuginfo-2.5.1-160.el9_0.s390x.rpm
rubygem-psych-3.3.2-160.el9_0.s390x.rpm
rubygem-psych-debuginfo-3.3.2-160.el9_0.s390x.rpm

x86_64:
ruby-3.0.4-160.el9_0.i686.rpm
ruby-3.0.4-160.el9_0.x86_64.rpm
ruby-debuginfo-3.0.4-160.el9_0.i686.rpm
ruby-debuginfo-3.0.4-160.el9_0.x86_64.rpm
ruby-debugsource-3.0.4-160.el9_0.i686.rpm
ruby-debugsource-3.0.4-160.el9_0.x86_64.rpm
ruby-devel-3.0.4-160.el9_0.i686.rpm
ruby-devel-3.0.4-160.el9_0.x86_64.rpm
ruby-libs-3.0.4-160.el9_0.i686.rpm
ruby-libs-3.0.4-160.el9_0.x86_64.rpm
ruby-libs-debuginfo-3.0.4-160.el9_0.i686.rpm
ruby-libs-debuginfo-3.0.4-160.el9_0.x86_64.rpm
rubygem-bigdecimal-3.0.0-160.el9_0.x86_64.rpm
rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.i686.rpm
rubygem-bigdecimal-debuginfo-3.0.0-160.el9_0.x86_64.rpm
rubygem-io-console-0.5.7-160.el9_0.x86_64.rpm
rubygem-io-console-debuginfo-0.5.7-160.el9_0.i686.rpm
rubygem-io-console-debuginfo-0.5.7-160.el9_0.x86_64.rpm
rubygem-json-2.5.1-160.el9_0.x86_64.rpm
rubygem-json-debuginfo-2.5.1-160.el9_0.i686.rpm
rubygem-json-debuginfo-2.5.1-160.el9_0.x86_64.rpm
rubygem-psych-3.3.2-160.el9_0.x86_64.rpm
rubygem-psych-debuginfo-3.3.2-160.el9_0.i686.rpm
rubygem-psych-debuginfo-3.3.2-160.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

noarch:
ruby-doc-3.0.4-160.el9_0.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-28738
https://access.redhat.com/security/cve/CVE-2022-28739
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

=========================================================================
Ubuntu Security Notice USN-5462-1
June 06, 2022

ruby2.5, ruby2.7, ruby3.0 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Ruby.

An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-28738)

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-28739)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  libruby3.0  3.0.2-7ubuntu2.1
  ruby3.0     3.0.2-7ubuntu2.1

Ubuntu 21.10:
  libruby2.7  2.7.4-1ubuntu3.2
  ruby2.7     2.7.4-1ubuntu3.2

Ubuntu 20.04 LTS:
  libruby2.7  2.7.0-5ubuntu1.7
  ruby2.7     2.7.0-5ubuntu1.7

Ubuntu 18.04 LTS:
  libruby2.5  2.5.1-1ubuntu1.12
  ruby2.5     2.5.1-1ubuntu1.12

In general, a standard system update will make all the necessary changes.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202401-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Ruby: Multiple vulnerabilities
Date: January 24, 2024
Bugs: #747007, #801061, #827251, #838073, #882893, #903630
ID: 202401-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.

It comes bundled with a HTTP server ("WEBrick").

Affected packages
=================

Package          Vulnerable      Unaffected
---------------  --------------  --------------
dev-lang/ruby    < 2.5.9:2.5     Vulnerable!
                 < 2.6.10:2.6    Vulnerable!
                 < 2.7.8:2.7     Vulnerable!
                 < 3.0.6:3.0     Vulnerable!
                 < 3.1.4:3.1     >= 3.1.4:3.1
                 < 3.2.2:3.2     >= 3.2.2:3.2

Description
===========

Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ruby users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --depclean ruby:2.5 ruby:2.6 ruby:2.7 ruby:3.0
  # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.1.4:3.1"
  # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.2.2:3.2"

References
==========

[ 1 ] CVE-2020-25613
      https://nvd.nist.gov/vuln/detail/CVE-2020-25613
[ 2 ] CVE-2021-31810
      https://nvd.nist.gov/vuln/detail/CVE-2021-31810
[ 3 ] CVE-2021-32066
      https://nvd.nist.gov/vuln/detail/CVE-2021-32066
[ 4 ] CVE-2021-33621
      https://nvd.nist.gov/vuln/detail/CVE-2021-33621
[ 5 ] CVE-2021-41816
      https://nvd.nist.gov/vuln/detail/CVE-2021-41816
[ 6 ] CVE-2021-41817
      https://nvd.nist.gov/vuln/detail/CVE-2021-41817
[ 7 ] CVE-2021-41819
      https://nvd.nist.gov/vuln/detail/CVE-2021-41819
[ 8 ] CVE-2022-28738
      https://nvd.nist.gov/vuln/detail/CVE-2022-28738
[ 9 ] CVE-2022-28739
      https://nvd.nist.gov/vuln/detail/CVE-2022-28739
[ 10 ] CVE-2023-28755
      https://nvd.nist.gov/vuln/detail/CVE-2023-28755
[ 11 ] CVE-2023-28756
      https://nvd.nist.gov/vuln/detail/CVE-2023-28756

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202401-27

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

APPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

macOS Big Sur 11.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213493.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed by removing additional entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative
Entry added October 27, 2022

Kernel
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022

ppp
Available for: macOS Big Sur
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022

Ruby
Available for: macOS Big Sur
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10.
CVE-2022-28739

Sandbox
Available for: macOS Big Sur
Impact: An app with root privileges may be able to access private information
Description: This issue was addressed with improved data protection.
CVE-2022-32862: an anonymous researcher

zlib
Available for: macOS Big Sur
Impact: A user may be able to cause unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022

macOS Big Sur 11.7.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222

Trust: 1.71

sources: NVD: CVE-2022-28739 // VULHUB: VHN-420273 // PACKETSTORM: 168692 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167421 // PACKETSTORM: 176686 // PACKETSTORM: 169553 // PACKETSTORM: 169577 // PACKETSTORM: 167654

AFFECTED PRODUCTS

vendor: apple, model: macos, scope: lt, version: 12.6.1

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 12.0

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: ruby lang, model: ruby, scope: gte, version: 2.7.0

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 11.0

Trust: 1.0

vendor: ruby lang, model: ruby, scope: lt, version: 3.0.4

Trust: 1.0

vendor: ruby lang, model: ruby, scope: gte, version: 3.1.0

Trust: 1.0

vendor: ruby lang, model: ruby, scope: lt, version: 2.6.10

Trust: 1.0

vendor: ruby lang, model: ruby, scope: lt, version: 3.1.2

Trust: 1.0

vendor: ruby lang, model: ruby, scope: lt, version: 2.7.6

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 11.0

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.7.1

Trust: 1.0

vendor: ruby lang, model: ruby, scope: gte, version: 3.0.0

Trust: 1.0

sources: NVD: CVE-2022-28739

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-28739
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202204-3369
value: HIGH

Trust: 0.6

VULHUB: VHN-420273
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-28739
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-420273
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2022-28739
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-420273 // CNNVD: CNNVD-202204-3369 // NVD: CVE-2022-28739

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.1

sources: VULHUB: VHN-420273 // NVD: CVE-2022-28739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

PATCH

title: Ruby Buffer error vulnerability fix
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=193537

Trust: 0.6

sources: CNNVD: CNNVD-202204-3369

EXTERNAL IDS

db: NVD, id: CVE-2022-28739

Trust: 2.5

db: HACKERONE, id: 1248108

Trust: 1.7

db: PACKETSTORM, id: 167654

Trust: 0.8

db: PACKETSTORM, id: 169577

Trust: 0.8

db: PACKETSTORM, id: 168360

Trust: 0.7

db: PACKETSTORM, id: 167425

Trust: 0.7

db: PACKETSTORM, id: 168691

Trust: 0.7

db: PACKETSTORM, id: 168445

Trust: 0.7

db: CS-HELP, id: SB2022041404

Trust: 0.6

db: CS-HELP, id: SB2022060723

Trust: 0.6

db: CS-HELP, id: SB2022072010

Trust: 0.6

db: CS-HELP, id: SB2022070105

Trust: 0.6

db: AUSCERT, id: ESB-2022.4673

Trust: 0.6

db: AUSCERT, id: ESB-2022.5061

Trust: 0.6

db: AUSCERT, id: ESB-2023.3320

Trust: 0.6

db: AUSCERT, id: ESB-2022.2802

Trust: 0.6

db: AUSCERT, id: ESB-2022.5301

Trust: 0.6

db: CNNVD, id: CNNVD-202204-3369

Trust: 0.6

db: PACKETSTORM, id: 168357

Trust: 0.2

db: PACKETSTORM, id: 169553

Trust: 0.2

db: PACKETSTORM, id: 168692

Trust: 0.2

db: PACKETSTORM, id: 167421

Trust: 0.2

db: PACKETSTORM, id: 169552

Trust: 0.1

db: PACKETSTORM, id: 169566

Trust: 0.1

db: VULHUB, id: VHN-420273

Trust: 0.1

db: PACKETSTORM, id: 176686

Trust: 0.1

sources: VULHUB: VHN-420273 // PACKETSTORM: 168692 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167421 // PACKETSTORM: 176686 // PACKETSTORM: 169553 // PACKETSTORM: 169577 // PACKETSTORM: 167654 // CNNVD: CNNVD-202204-3369 // NVD: CVE-2022-28739

REFERENCES

url:http://seclists.org/fulldisclosure/2022/oct/28

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/29

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/30

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/41

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/42

Trust: 1.7

url:https://hackerone.com/reports/1248108

Trust: 1.7

url:https://security-tracker.debian.org/tracker/cve-2022-28739

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20220624-0002/

Trust: 1.7

url:https://support.apple.com/kb/ht213488

Trust: 1.7

url:https://support.apple.com/kb/ht213493

Trust: 1.7

url:https://support.apple.com/kb/ht213494

Trust: 1.7

url:https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html

Trust: 1.6

url:https://security.gentoo.org/glsa/202401-27

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28739

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.2802

Trust: 0.6

url:https://packetstormsecurity.com/files/168360/red-hat-security-advisory-2022-6447-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb20220720108

Trust: 0.6

url:https://packetstormsecurity.com/files/167425/ubuntu-security-notice-usn-5462-2.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060723

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041404

Trust: 0.6

url:https://packetstormsecurity.com/files/168445/red-hat-security-advisory-2022-6585-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3320

Trust: 0.6

url:https://packetstormsecurity.com/files/168691/red-hat-security-advisory-2022-6856-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5061

Trust: 0.6

url:https://support.apple.com/en-us/ht213494

Trust: 0.6

url:https://packetstormsecurity.com/files/169577/apple-security-advisory-2022-10-27-8.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167654/red-hat-security-advisory-2022-5338-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4673

Trust: 0.6

url:https://vigilance.fr/vulnerability/ruby-buffer-overflow-via-string-to-float-conversion-38079

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5301

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070105

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-28739/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-28738

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-28739

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-28738

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-41819

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-41817

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-41819

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41817

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41816

Trust: 0.2

url:https://support.apple.com/en-us/ht201222

Trust: 0.2

url:https://support.apple.com/downloads/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32862

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42825

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://support.apple.com/ht213493

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2022:6855

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41816

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6450

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6585

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby3.0/3.0.2-7ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby2.7/2.7.4-1ubuntu3.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.12

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5462-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.7

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-28756

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32066

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31810

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-28755

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42798

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-37434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32944

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42800

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32941

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5338

Trust: 0.1

sources: VULHUB: VHN-420273 // PACKETSTORM: 168692 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167421 // PACKETSTORM: 176686 // PACKETSTORM: 169553 // PACKETSTORM: 169577 // PACKETSTORM: 167654 // CNNVD: CNNVD-202204-3369 // NVD: CVE-2022-28739

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 168692 // PACKETSTORM: 168357 // PACKETSTORM: 168445 // PACKETSTORM: 167654

SOURCES

db: VULHUB, id: VHN-420273
db: PACKETSTORM, id: 168692
db: PACKETSTORM, id: 168357
db: PACKETSTORM, id: 168445
db: PACKETSTORM, id: 167421
db: PACKETSTORM, id: 176686
db: PACKETSTORM, id: 169553
db: PACKETSTORM, id: 169577
db: PACKETSTORM, id: 167654
db: CNNVD, id: CNNVD-202204-3369
db: NVD, id: CVE-2022-28739

LAST UPDATE DATE

2025-02-22T20:30:27.145000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-420273, date: 2022-11-08T00:00:00
db: CNNVD, id: CNNVD-202204-3369, date: 2023-06-13T00:00:00
db: NVD, id: CVE-2022-28739, date: 2024-11-21T06:57:50.467

SOURCES RELEASE DATE

db: VULHUB, id: VHN-420273, date: 2022-05-09T00:00:00
db: PACKETSTORM, id: 168692, date: 2022-10-11T16:06:57
db: PACKETSTORM, id: 168357, date: 2022-09-13T15:43:25
db: PACKETSTORM, id: 168445, date: 2022-09-21T13:50:28
db: PACKETSTORM, id: 167421, date: 2022-06-07T15:13:54
db: PACKETSTORM, id: 176686, date: 2024-01-24T15:01:18
db: PACKETSTORM, id: 169553, date: 2022-10-31T14:19:37
db: PACKETSTORM, id: 169577, date: 2022-10-31T14:43:13
db: PACKETSTORM, id: 167654, date: 2022-07-01T14:58:20
db: CNNVD, id: CNNVD-202204-3369, date: 2022-04-14T00:00:00
db: NVD, id: CVE-2022-28739, date: 2022-05-09T18:15:08.540