Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#16405 closed enhancement (fixed)

ruby-3.1.2

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 11.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (6)

comment:1 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

Grab security updates

comment:2 by Douglas R. Reno, 2 years ago

Priority: normal → elevated

comment:3 by Douglas R. Reno, 2 years ago

CVE-2022-28738: Double free in Regexp compilation

A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby.

Details

Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a “double free” vulnerability. Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.

Please update Ruby to 3.0.4, or 3.1.2.

Affected versions

ruby 3.0.3 or prior

ruby 3.1.1 or prior

Note that ruby 2.6 series and 2.7 series are not affected.

History

Originally published at 2022-04-12 12:00:00 (UTC)

comment:4 by Douglas R. Reno, 2 years ago


CVE-2022-28739: Buffer overrun in String-to-Float conversion

A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby.

Details

Due to a bug in an internal function that converts a String to a Float, some conversion methods like Kernel#Float and String#to_f could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but under limited circumstances, it may be exploitable for illegal memory read.

Please update Ruby to 2.6.10, 2.7.6, 3.0.4, or 3.1.2.

Affected versions

ruby 2.6.9 or prior

ruby 2.7.5 or prior

ruby 3.0.3 or prior

ruby 3.1.1 or prior

History

Originally published at 2022-04-12 12:00:00 (UTC)
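The two advisories quoted above give, per Ruby series, the first release that carries each fix. As an added example (not from this ticket, BLFS, or the Ruby project), the Ruby snippet below turns those tables into a check that reports which of the two CVEs a given interpreter version is still exposed to, and shows the literal-matching step the first advisory implies for untrusted input. The names exposed_cves, literal_matcher and FIXED_VERSIONS are this example's own.

```ruby
require "rubygems"   # for Gem::Version (loaded by default on modern Ruby)

# First fixed release of each series, per CVE, copied from the advisories.
FIXED_VERSIONS = {
  # CVE-2022-28738: the 2.6 and 2.7 series are explicitly not affected.
  "CVE-2022-28738" => { "3.0" => "3.0.4", "3.1" => "3.1.2" },
  # CVE-2022-28739: all four maintained series received a fix.
  "CVE-2022-28739" => { "2.6" => "2.6.10", "2.7" => "2.7.6",
                        "3.0" => "3.0.4",  "3.1" => "3.1.2" },
}.freeze

# Return the CVE ids from the table that still apply to +version+.
# A series newer than 3.1 is assumed to carry the fixes (3.1.2 is the newest
# release the advisories name); a series older than 2.6 is outside the
# advisories' scope, so it is rejected rather than reported as safe.
def exposed_cves(version)
  v = Gem::Version.new(version)
  series = v.segments.first(2).join(".")
  if Gem::Version.new(series) < Gem::Version.new("2.6")
    raise ArgumentError, "Ruby #{series} is not covered by these advisories"
  end
  FIXED_VERSIONS.select do |_cve, fixes|
    fixed = fixes[series]
    next false if fixed.nil?          # series unaffected (or newer than 3.1)
    v < Gem::Version.new(fixed)       # older than the first fixed release
  end.keys
end

# The first advisory notes that compiling a Regexp from untrusted input is
# unsafe in general. When the goal is to find the text itself, escape it so
# metacharacters are matched literally instead of being compiled as a pattern.
def literal_matcher(untrusted)
  Regexp.new(Regexp.escape(untrusted))
end

if __FILE__ == $PROGRAM_NAME
  puts "Ruby #{RUBY_VERSION} exposed to: #{exposed_cves(RUBY_VERSION).inspect}"
  puts literal_matcher("a.b(c").match?("xa.b(cy")   # true: '.' and '(' taken literally
end
```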

comment:5 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assigned → closed

comment:6 by Douglas R. Reno, 2 years ago

Security Advisory 11.1-030 issued
