[ALAS2-2022-1853] Amazon Linux 2 2017.12 - ALAS2-2022-1853: medium priority package update for ruby
Severity
Medium
Affected Packages
34
CVEs
1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2022-28739:
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.
- ID
- ALAS2-2022-1853
- Severity
- medium
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2022-1853.html
- Published
-
2022-09-30T07:04:00
(23 months ago) - Modified
-
2022-10-10T21:54:00
(23 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS-2022-1638
-
ALPINE:CVE-2022-28739
-
ALSA-2022:6447
-
ALSA-2022:6450
-
ALSA-2022:6585
-
ALSA-2023:7025
-
ELSA-2022-5338
-
ELSA-2022-6447
-
ELSA-2022-6450
-
ELSA-2022-6585
-
ELSA-2023-12064
-
ELSA-2023-7025
-
FEDORA-2022-82a9edac27
-
FEDORA-2022-8cf0124add
-
FEDORA-2022-a7ca6ee0cf
-
FREEBSD:06ED6A49-BAD4-11EC-9CFE-0800270512F4
-
GLSA-202401-27
-
MS:CVE-2022-28739
-
RHSA-2022:5338
-
RHSA-2022:6447
-
RHSA-2022:6450
-
RHSA-2022:6585
-
RHSA-2023:7025
-
RLSA-2022:5338
-
RLSA-2022:6447
-
RLSA-2022:6450
-
RLSA-2022:6585
-
SSA:2022-103-01
-
SUSE-SU-2022:1512-1
-
USN-5462-1
-
USN-5462-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2022-28739 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/rubygems?arch=noarch&distro=amazonlinux-2 | amazonlinux |
 rubygems
|
< 2.0.14.1-36.amzn2.0.3 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygems-devel?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygems-devel
|
< 2.0.14.1-36.amzn2.0.3 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-rdoc?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygem-rdoc
|
< 4.0.0-36.amzn2.0.3 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-rake?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygem-rake
|
< 0.9.6-36.amzn2.0.3 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-psych
|
< 2.0.0-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-psych
|
< 2.0.0-36.amzn2.0.3 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-psych?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-psych
|
< 2.0.0-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-minitest?arch=noarch&distro=amazonlinux-2 | amazonlinux |
rubygem-minitest
|
< 4.3.2-36.amzn2.0.3 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/rubygem-json?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-json
|
< 1.7.7-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-json?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-json
|
< 1.7.7-36.amzn2.0.3 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-json?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-json
|
< 1.7.7-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-io-console
|
< 0.4.2-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-io-console
|
< 0.4.2-36.amzn2.0.3 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-io-console?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-io-console
|
< 0.4.2-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
rubygem-bigdecimal
|
< 1.2.0-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=i686&distro=amazonlinux-2 | amazonlinux |
rubygem-bigdecimal
|
< 1.2.0-36.amzn2.0.3 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/rubygem-bigdecimal?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
rubygem-bigdecimal
|
< 1.2.0-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-tcltk
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-tcltk
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-tcltk?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-tcltk
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-libs?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-libs
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-libs?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-libs
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-libs?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-libs
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-irb?arch=noarch&distro=amazonlinux-2 | amazonlinux |
ruby-irb
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/ruby-doc?arch=noarch&distro=amazonlinux-2 | amazonlinux |
ruby-doc
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | noarch | |
| Affected | pkg:rpm/amazonlinux/ruby-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-devel
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-devel?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-devel
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-devel
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
ruby-debuginfo
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=i686&distro=amazonlinux-2 | amazonlinux |
ruby-debuginfo
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/ruby-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
ruby-debuginfo
|
< 2.0.0.648-36.amzn2.0.3 | amazonlinux-2 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |