A heap exposure vulnerability was discovered in the socket library. This vulnerability has been assigned the CVE identifier CVE-2020-10933. We strongly recommend upgrading Ruby.
When BasicSocket#recv_nonblock and BasicSocket#read_nonblock are invoked with size and buffer arguments, they initially resize the buffer to the specified size. In cases where the operation would block, they return without copying any data. Thus, the buffer string will now include arbitrary data from the heap. This may expose possibly sensitive data from the interpreter.
This issue is exploitable only on Linux. This issue has existed since Ruby 2.5.0; the 2.4 series is not vulnerable.
Ruby 2.5 series: 2.5.7 and earlier
Ruby 2.6 series: 2.6.5 and earlier
Ruby 2.7 series: 2.7.0
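As an added illustration (not part of the advisory or of this bug), a caller-side guard for the "size + reusable buffer" use of recv_nonblock described above, together with a check of a RUBY_VERSION string against the affected ranges listed; the names safe_recv_nonblock and affected_by_cve_2020_10933? are chosen here.

```ruby
require 'socket'
require 'rubygems'

# Affected ranges taken from the advisory (inclusive bounds).
# Pre-release tags are not treated specially.
CVE_2020_10933_AFFECTED = [
  ['2.5.0', '2.5.7'],
  ['2.6.0', '2.6.5'],
  ['2.7.0', '2.7.0'],
].freeze

# True if the given RUBY_VERSION-style string falls in an affected series.
def affected_by_cve_2020_10933?(version)
  v = Gem::Version.new(version)
  CVE_2020_10933_AFFECTED.any? do |lo, hi|
    v >= Gem::Version.new(lo) && v <= Gem::Version.new(hi)
  end
end

# The only reliable signal that bytes were copied into +buf+ is the method
# returning a String. A would-block result (:wait_readable when called with
# exception: false) means nothing was received, so the buffer is emptied
# before control returns. On a patched interpreter this is redundant; on an
# unpatched one it stops leftover heap contents being read as socket data.
def safe_recv_nonblock(sock, size, buf)
  result = sock.recv_nonblock(size, 0, buf, exception: false)
  return result if result.is_a?(String)
  buf.clear # nothing was copied: discard whatever the buffer now holds
  nil
end

if __FILE__ == $0
  a, b = UNIXSocket.pair          # constructed local socket pair
  buf = String.new
  p safe_recv_nonblock(a, 64, buf) # nil: nothing queued yet
  b.write('ping')
  p safe_recv_nonblock(a, 64, buf) # "ping"
  p affected_by_cve_2020_10933?(RUBY_VERSION)
end
```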
Thanks for this.
The tree looks clean to me, so I think we just need to consider glsa or not. Is that right?
(In reply to Sam James (sam_c) (security padawan) from comment #1)
> Thanks for this.
> The tree looks clean to me, so I think we just need to consider glsa or not.
> Is that right?
Critical misreading. Thanks graaf for correcting me on IRC!
@maintainer(s), please create an appropriate ebuild.
Ebuilds added for:
Given that the 2.4 and 2.5 versions contain minor other changes I'll wait a day or so before stabling these versions.
(In reply to Hans de Graaff from comment #3)
> Ebuilds added for:
> Given that the 2.4 and 2.5 versions contain minor other changes I'll wait a
> day or so before stabling these versions.
Please test and mark stable.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
@maintainer(s), please cleanup
Correction: still waiting on ppc, ppc64.
Maintainer(s), please cleanup.
Security, please vote.
GLSA Vote: No
Thank you all for your work.
Closing as [noglsa].