[ALAS2-2022-1853] Amazon Linux 2 2017.12 - ALAS2-2022-1853: medium priority package update for ruby
Severity
Medium
Affected Packages
34
CVEs
1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2022-28739:
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.
- ID
- ALAS2-2022-1853
- Severity
- medium
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2022-1853.html
- Published
-
2022-09-30T07:04:00
(23 months ago) - Modified
-
2022-10-10T21:54:00
(23 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS-2022-1638
- ALPINE:CVE-2022-28739
- ALSA-2022:6447
- ALSA-2022:6450
- ALSA-2022:6585
- ALSA-2023:7025
- ELSA-2022-5338
- ELSA-2022-6447
- ELSA-2022-6450
- ELSA-2022-6585
- ELSA-2023-12064
- ELSA-2023-7025
- FEDORA-2022-82a9edac27
- FEDORA-2022-8cf0124add
- FEDORA-2022-a7ca6ee0cf
- FREEBSD:06ED6A49-BAD4-11EC-9CFE-0800270512F4
- GLSA-202401-27
- MS:CVE-2022-28739
- RHSA-2022:5338
- RHSA-2022:6447
- RHSA-2022:6450
- RHSA-2022:6585
- RHSA-2023:7025
- RLSA-2022:5338
- RLSA-2022:6447
- RLSA-2022:6450
- RLSA-2022:6585
- SSA:2022-103-01
- SUSE-SU-2022:1512-1
- USN-5462-1
- USN-5462-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2022-28739 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/rubygems?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygems | < 2.0.14.1-36.amzn2.0.3 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygems-devel?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygems-devel | < 2.0.14.1-36.amzn2.0.3 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygem-rdoc?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygem-rdoc | < 4.0.0-36.amzn2.0.3 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygem-rake?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygem-rake | < 0.9.6-36.amzn2.0.3 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=x86_64&distro=amazonlinux-2 | amazonlinux | rubygem-psych | < 2.0.0-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=i686&distro=amazonlinux-2 | amazonlinux | rubygem-psych | < 2.0.0-36.amzn2.0.3 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=aarch64&distro=amazonlinux-2 | amazonlinux | rubygem-psych | < 2.0.0-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/rubygem-minitest?arch=noarch&distro=amazonlinux-2 | amazonlinux | rubygem-minitest | < 4.3.2-36.amzn2.0.3 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/rubygem-json?arch=x86_64&distro=amazonlinux-2 | amazonlinux | rubygem-json | < 1.7.7-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/rubygem-json?arch=i686&distro=amazonlinux-2 | amazonlinux | rubygem-json | < 1.7.7-36.amzn2.0.3 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/rubygem-json?arch=aarch64&distro=amazonlinux-2 | amazonlinux | rubygem-json | < 1.7.7-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=x86_64&distro=amazonlinux-2 | amazonlinux | rubygem-io-console | < 0.4.2-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=i686&distro=amazonlinux-2 | amazonlinux | rubygem-io-console | < 0.4.2-36.amzn2.0.3 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=aarch64&distro=amazonlinux-2 | amazonlinux | rubygem-io-console | < 0.4.2-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=x86_64&distro=amazonlinux-2 | amazonlinux | rubygem-bigdecimal | < 1.2.0-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=i686&distro=amazonlinux-2 | amazonlinux | rubygem-bigdecimal | < 1.2.0-36.amzn2.0.3 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=aarch64&distro=amazonlinux-2 | amazonlinux | rubygem-bigdecimal | < 1.2.0-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby-tcltk | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby-tcltk | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby-tcltk | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby-libs?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby-libs | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-libs?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby-libs | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-libs?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby-libs | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby-irb?arch=noarch&distro=amazonlinux-2 | amazonlinux | ruby-irb | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/ruby-doc?arch=noarch&distro=amazonlinux-2 | amazonlinux | ruby-doc | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/ruby-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby-devel | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-devel?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby-devel | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby-devel | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | ruby-debuginfo | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=i686&distro=amazonlinux-2 | amazonlinux | ruby-debuginfo | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | ruby-debuginfo | < 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |