MGASA-2020-0285

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0285.html

Import Source

https://advisories.mageia.org/MGASA-2020-0285.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0285

Related

CVE-2020-10933

Published

2020-07-07T13:47:37Z

Modified

2020-07-07T13:15:34Z

Summary

Updated ruby packages fix security vulnerability

Details

Updated ruby packages fix security vulnerability:

An issue was discovered in Ruby through 2.5.7. If a victim calls BasicSocket#readnonblock(requestedsize, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter (CVE-2020-10933).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / ruby

Package

Name: ruby
Purl: pkg:rpm/mageia/ruby?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.8-21.mga7

Ecosystem specific

{
    "section": "core"
}