CVE-2022-28739: Buffer overrun in String-to-Float conversion

A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby.

Details

Due to a bug in an internal function that converts a String to a Float, some conversion methods like Kernel#Float and String#to_f could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in limited circumstances, it may be exploitable for illegal memory read.

Please update Ruby to 2.6.10, 2.7.6, 3.0.4, or 3.1.2.

Affected versions

ruby 2.6.9 or prior
ruby 2.7.5 or prior
ruby 3.0.3 or prior
ruby 3.1.1 or prior

CVE-2022-28738: Double free in Regexp compilation

A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby.

Details

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a “double free” vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.

Please update Ruby to 3.0.4 or 3.1.2.

Affected versions

ruby 3.0.3 or prior
ruby 3.1.1 or prior

Note that ruby 2.6 series and 2.7 series are not affected.
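A check of an interpreter version against the two advisories quoted above, as an added example that is not part of the original report, the Ruby advisories or the Gentoo tree. The names ADVISORIES, cve_status and report are hypothetical; treating releases newer than 3.1.2 as fixed, and pre-2.6 series as unknown for CVE-2022-28738, are assumptions the advisories do not state.

```ruby
# Added example: advisory data transcribed from the two advisories quoted above.
# Gem::Version ships with RubyGems, which standard Ruby builds load by default.

ADVISORIES = {
  "CVE-2022-28739" => {
    fixed: { "2.6" => "2.6.10", "2.7" => "2.7.6", "3.0" => "3.0.4", "3.1" => "3.1.2" },
    unaffected_series: [],
    older_series: :affected   # advisory: "ruby 2.6.9 or prior"
  },
  "CVE-2022-28738" => {
    fixed: { "3.0" => "3.0.4", "3.1" => "3.1.2" },
    unaffected_series: %w[2.6 2.7],   # advisory: 2.6 and 2.7 series not affected
    older_series: :unknown    # assumption: advisory is silent on pre-2.6 series
  }
}.freeze

# Returns :affected, :fixed, :not_affected or :unknown for one CVE and version.
def cve_status(cve, version)
  adv = ADVISORIES.fetch(cve)
  # Drop a Gentoo revision suffix such as "-r1" before parsing.
  v = Gem::Version.new(version.sub(/-r\d+\z/, ""))
  series = v.segments.first(2).join(".")

  # Series with a listed fix: compare numerically (2.6.9 < 2.6.10).
  if (fix = adv[:fixed][series])
    return v < Gem::Version.new(fix) ? :affected : :fixed
  end
  return :not_affected if adv[:unaffected_series].include?(series)

  # Series the advisory does not list: newer than every fix, or older.
  newest_fix = adv[:fixed].values.map { |f| Gem::Version.new(f) }.max
  v > newest_fix ? :fixed : adv[:older_series]   # assumption for newer series
end

# Status of every advisory for one version (default: the running interpreter).
def report(version = RUBY_VERSION)
  ADVISORIES.keys.to_h { |cve| [cve, cve_status(cve, version)] }
end

if __FILE__ == $PROGRAM_NAME
  report.each { |cve, status| puts "#{cve}: #{status}" }
end
```
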
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb184b3d7b32297d7534101b691e85320c35ec97

commit fb184b3d7b32297d7534101b691e85320c35ec97
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2022-04-12 14:08:03 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2022-04-12 14:09:03 +0000

    dev-lang/ruby: add 2.6.10, 2.7.6, 3.0.4, 3.1.2

    Bug: https://bugs.gentoo.org/838073
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-lang/ruby/Manifest           |   4 +
 dev-lang/ruby/ruby-2.6.10.ebuild | 258 +++++++++++++++++++++++++++++++++++++
 dev-lang/ruby/ruby-2.7.6.ebuild  | 272 +++++++++++++++++++++++++++++++++++++++
 dev-lang/ruby/ruby-3.0.4.ebuild  | 267 ++++++++++++++++++++++++++++++++++++++
 dev-lang/ruby/ruby-3.1.2.ebuild  | 267 ++++++++++++++++++++++++++++++++++++++
 5 files changed, 1068 insertions(+)
Thanks! Please stable when ready.
Cleanup done.
Thanks!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=aea6781bb25fe500e38a2cfce23bf166d29cbf48

commit aea6781bb25fe500e38a2cfce23bf166d29cbf48
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-24 04:04:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-01-24 04:06:47 +0000

    [ GLSA 202401-27 ] Ruby: Multiple vulnerabilities

    Bug: https://bugs.gentoo.org/747007
    Bug: https://bugs.gentoo.org/801061
    Bug: https://bugs.gentoo.org/827251
    Bug: https://bugs.gentoo.org/838073
    Bug: https://bugs.gentoo.org/882893
    Bug: https://bugs.gentoo.org/903630
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202401-27.xml | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)