CVE-2022-28738
Description
Moderate: ruby security, bug fix, and enhancement update
Description
Ruby: Double free in Regexp compilation
Red Hat statement
Ruby 2.6 series and 2.7 series are not affected.
CVSS v3: 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | ruby:3.0-8060020220810162001.ad008a3a | RHSA-2022:6450 | 2022-09-13T00:00:00Z |
| Red Hat Enterprise Linux 9 | ruby-0:3.0.4-160.el9_0 | RHSA-2022:6585 | 2022-09-20T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-ruby30-ruby-0:3.0.4-149.el7 | RHSA-2022:6855 | 2022-10-11T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | ruby | Not affected |
| Red Hat Enterprise Linux 7 | ruby | Not affected |
| Red Hat Enterprise Linux 8 | ruby:2.5/ruby | Not affected |
| Red Hat Enterprise Linux 8 | ruby:2.6/ruby | Not affected |
| Red Hat Enterprise Linux 8 | ruby:2.7/ruby | Not affected |
| Red Hat Software Collections | rh-ruby27-ruby | Not affected |
Apply commands
```shell
yum update -y ruby:3
# or:
dnf upgrade -y ruby:3
```
Affected
| Vendor | Product | Status |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Software Collections | Not affected |
OS impact
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | rubygem-typeprof-0.15.2-160.el9_0.noarch.rpm |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| | Fixed | 3.0.4-1 |
Debian Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| bullseye | Fixed | 0 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | |
| 8 | Fixed | |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | |
| 8 | Fixed | |
References
- https://access.redhat.com/errata/RHSA-2022:6585
- https://errata.rockylinux.org/RLSA-2022:6450
- https://errata.rockylinux.org/RLSA-2022:6585
- https://security-tracker.debian.org/tracker/CVE-2022-28738
- https://bugzilla.redhat.com/2075685
- https://bugzilla.redhat.com/2075687
- https://errata.almalinux.org/9/ALSA-2022-6585.html
- https://access.redhat.com/errata/RHSA-2022:6450
- https://bugzilla.redhat.com/2025104
- https://bugzilla.redhat.com/2026757
- https://errata.almalinux.org/8/ALSA-2022-6450.html