Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#13341 closed enhancement (fixed)

ruby-2.7.1

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: high
Milestone: 10.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Douglas R. Reno, 4 years ago

Priority: normal → high

Another security release :(

Ruby 2.7.1 has been released.

This release includes security fixes. Please check the topics below for details.

    CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional fix)
    CVE-2020-10933: Heap exposure vulnerability in the socket library

See the commit logs for details.

CVE-2020-10933: Heap exposure vulnerability in the socket library

Posted by mame on 31 Mar 2020

A heap exposure vulnerability was discovered in the socket library. This vulnerability has been assigned the CVE identifier CVE-2020-10933. We strongly recommend upgrading Ruby.

Details

When BasicSocket#recv_nonblock and BasicSocket#read_nonblock are invoked with size and buffer arguments, they initially resize the buffer to the specified size. In cases where the operation would block, they return without copying any data. Thus, the buffer string will now include arbitrary data from the heap. This may expose possibly sensitive data from the interpreter.

This issue is exploitable only on Linux. This issue has been present since Ruby 2.5.0; the 2.4 series is not vulnerable.

Affected versions

    Ruby 2.5 series: 2.5.7 and earlier
    Ruby 2.6 series: 2.6.5 and earlier
    Ruby 2.7 series: 2.7.0
    prior to master revision 61b7f86248bd121be2e83768be71ef289e8e5b90

Credits

Thanks to Samuel Williams for discovering this issue.

History

    Originally published at 2020-03-31 15:00:00 (UTC)

CVE-2020-16255: Unsafe Object Creation Vulnerability in (JSON)

CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix)

Posted by mame on 19 Mar 2020

There is an unsafe object creation vulnerability in the json gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2020-10663. We strongly recommend upgrading the json gem.

Details

When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system.

This is the same issue as CVE-2013-0269. The previous fix was incomplete: it addressed JSON.parse(user_input), but didn't address some other styles of JSON parsing, including JSON(user_input) and JSON.parse(user_input, nil).

See CVE-2013-0269 for details. Note that the issue was exploitable to cause a Denial of Service by creating many garbage-uncollectable Symbol objects, but this kind of attack is no longer valid because Symbol objects are now garbage-collectable. However, creating arbitrary objects may cause severe security consequences depending upon the application code.

Please update the json gem to version 2.3.0 or later. You can use gem update json to update it. If you are using bundler, please add gem "json", ">= 2.3.0" to your Gemfile.

Affected versions

    JSON gem 2.2.0 or prior

Credits

Thanks to Jeremy Evans for discovering this issue.

History

    Originally published at 2020-03-19 13:00:00 (UTC)

The above seems to be due to an incomplete fix for CVE-2013-0269.
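As an added check, not part of the ticket or of the Ruby advisory quoted above, the script below exercises the three parsing forms the json advisory names (JSON.parse(src), JSON(src) and JSON.parse(src, nil)) against a constructed document carrying a "json_class" key, and reports whether the installed json gem ever hands that document to a class's json_create. The Canary class, the constructed document and the audit_json_parsing / json_gem_safe? names are choices made here; a json gem at 2.3.0 or later should report every form as safe.

```ruby
require "json"

# Canary: if the parser honours the "json_class" key (create_additions on),
# it calls Canary.json_create and we record that it happened.
class Canary
  @created = false
  class << self
    attr_accessor :created
    def json_create(_hash)
      self.created = true
      new
    end
  end
end

# Constructed sample input of the shape CVE-2013-0269 / CVE-2020-10663 concern:
# an ordinary JSON object whose "json_class" key names a Ruby constant.
UNTRUSTED_DOC = '{"json_class":"Canary","payload":"x"}'

# The parsing forms named in the advisory plus the explicit opt-out. The json
# 2.2.0-and-earlier bug affected the JSON() and JSON.parse(src, nil) forms.
PARSE_FORMS = {
  "JSON.parse(src)"                          => ->(src) { JSON.parse(src) },
  "JSON(src)"                                => ->(src) { JSON(src) },
  "JSON.parse(src, nil)"                     => ->(src) { JSON.parse(src, nil) },
  "JSON.parse(src, create_additions: false)" => ->(src) { JSON.parse(src, create_additions: false) },
}

# Runs every form against the canary document. A form counts as safe only if
# it returned a plain Hash and Canary.json_create was never invoked.
def audit_json_parsing(doc = UNTRUSTED_DOC)
  PARSE_FORMS.to_h do |name, parser|
    Canary.created = false
    result = parser.call(doc)
    [name, result.is_a?(Hash) && !Canary.created]
  end
end

# True when no parsing form created an object from the untrusted document.
def json_gem_safe?
  audit_json_parsing.values.all?
end

if $PROGRAM_NAME == __FILE__
  puts "json gem #{JSON::VERSION}"
  audit_json_parsing.each { |name, safe| puts "#{safe ? 'OK  ' : 'FAIL'} #{name}" }
end
```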

comment:2 by Bruce Dubbs, 4 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:3 by Bruce Dubbs, 4 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 22930.

comment:4 by Bruce Dubbs, 4 years ago

Milestone: 9.2 → 10,0

Milestone renamed

comment:5 by Bruce Dubbs, 4 years ago

Milestone: 10,0 → 10.0

Milestone renamed
