Updated ruby packages fix security vulnerability
Publication date: 07 Jul 2020Modification date: 07 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10933
Description
Updated ruby packages fix security vulnerability: An issue was discovered in Ruby through 2.5.7. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter (CVE-2020-10933).
References
SRPMS
7/core
- ruby-2.5.8-21.mga7