ALASRUBY3.0-2023-002

Related Vulnerabilities: CVE-2022-28738 CVE-2022-28739

Amazon Linux 2 Security Advisory: ALASRUBY3.0-2023-002
Advisory Release Date: 2023-08-21 20:59 Pacific
Advisory Updated Date: 2023-09-25 22:01 Pacific
Severity: Medium

Issue Overview:

A double-free vulnerability was found in Ruby's Regexp compiler. An attacker who controls the source string from which a Regexp object is built (for example, a pattern taken from user input and passed to Regexp.new) can craft it so that the same memory is freed twice during compilation. Applications that only compile patterns fixed in their own source are not reachable this way; the exposure is in code that turns untrusted input into a pattern. (CVE-2022-28738)

A buffer overrun vulnerability was found in Ruby's String-to-Float conversion. Under limited circumstances, a specially crafted string passed to a conversion such as Kernel#Float or String#to_f causes an out-of-bounds memory read, which can terminate the process with a segmentation fault. (CVE-2022-28739)
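Both flaws are reached only through attacker-controlled strings: a pattern handed to Regexp compilation and a numeric string handed to Float conversion. The following is an added example, not code from the advisory or from Ruby itself, showing how application code narrows that input surface while the package update is rolled out. The helper names (literal_search_regexp, strict_float) and the DECIMAL grammar are this example's own choices.

```ruby
# Added example, not part of the ALAS advisory or of Ruby's own code.
# Defensive wrappers for the two code paths named in the advisory:
#   - Regexp compilation from an untrusted source string (CVE-2022-28738)
#   - String-to-Float conversion of untrusted input (CVE-2022-28739)
# The real fix is the package update; these limit what untrusted input can
# reach those code paths in application code that must handle user input.

# Hypothetical helper: treat user input as a literal search term, never as
# regexp syntax. Regexp.escape neutralises every metacharacter, so the
# structure of the compiled pattern is fixed by the program, not the caller.
# A length cap keeps oversized input from reaching the compiler at all.
def literal_search_regexp(user_term, max_len: 256)
  raise ArgumentError, "search term too long" if user_term.bytesize > max_len
  Regexp.new(Regexp.escape(user_term), Regexp::IGNORECASE)
end

# Hypothetical allow-list grammar for decimal input: optional sign, digits,
# optional fraction, optional short exponent. Deliberately narrower than what
# Kernel#Float accepts (it also takes hex such as "0x1A" and "1_000"), so the
# only strings that reach Float() are ones this grammar has already vetted.
DECIMAL = /\A[+-]?\d+(?:\.\d+)?(?:[eE][+-]?\d{1,3})?\z/

def strict_float(str, max_len: 64)
  return nil unless str.is_a?(String)
  s = str.strip
  return nil if s.empty? || s.bytesize > max_len
  return nil unless DECIMAL.match?(s)
  f = Float(s)
  f.finite? ? f : nil # reject overflow to Infinity (e.g. "1e400")
rescue ArgumentError
  nil
end

if $PROGRAM_NAME == __FILE__
  puts literal_search_regexp("a.b(c)").match?("A.B(C)")
  puts strict_float("3.14").inspect
  puts strict_float("0x1A").inspect # Float() would accept this; the grammar does not
end
```

The point of strict_float is that validation happens before the conversion routine runs, with a grammar the application chooses, rather than relying on Float() to reject bad input; the same pattern applies to any other native parser fed from the network.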


Affected Packages:

ruby


Issue Correction:
Run yum update ruby to update your system, then restart any long-running Ruby processes (application servers, workers, daemons): a running process keeps the previously loaded libruby until it is restarted, so the update alone does not close the issue for it.
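When the update is applied across a fleet, the check that matters is whether each host's installed build is at or above the fixed version-release in the list below. The following is an added example, not part of the advisory or of Amazon's tooling, that audits collected rpm -qa output against the fixed builds. The fixed version-release strings are copied from the New Packages list; the sample rpm output is constructed, and the simplified rpmvercmp omits rpm's tilde and caret rules.

```ruby
# Added example, not part of the ALAS advisory or Amazon's tooling.
# Audits `rpm -qa 'ruby*'` output (NAME-VERSION-RELEASE.ARCH per line)
# against the fixed builds from this advisory, so collected rpm output
# from many hosts can be checked offline.

# Fixed version-release per package, copied from the advisory's New Packages list.
FIXED_VR = {
  "ruby"          => "3.0.4-155.amzn2.0.1",
  "ruby-libs"     => "3.0.4-155.amzn2.0.1",
  "rubygem-json"  => "2.5.1-155.amzn2.0.1",
  "rubygem-psych" => "3.3.2-155.amzn2.0.1",
}.freeze

# Constructed sample of `rpm -qa 'ruby*'` output; rubygem-json is one release behind.
SAMPLE_RPM_QA = <<~OUT
  ruby-3.0.4-155.amzn2.0.1.x86_64
  ruby-libs-3.0.4-155.amzn2.0.1.x86_64
  rubygem-json-2.5.1-153.amzn2.0.1.x86_64
  rubygem-psych-3.3.2-155.amzn2.0.1.x86_64
  rubygem-bigdecimal-3.0.0-155.amzn2.0.1.x86_64
OUT

# Split an NVRA line into [name, "version-release"]. The name may contain
# dashes (ruby-libs, rubygem-power_assert); version and release never do.
def parse_nvra(line)
  m = line.strip.match(/\A(.+)-([^-]+)-([^-]+)\.(\w+)\z/)
  return nil unless m
  [m[1], "#{m[2]}-#{m[3]}"]
end

# Simplified rpmvercmp: split into alternating numeric/alphabetic segments,
# compare numeric segments as integers and alphabetic ones lexically, a
# numeric segment beats an alphabetic one, and the longer list wins on a tie.
# rpm's tilde and caret handling is omitted (hypothetical simplification).
def rpm_vercmp(a, b)
  sa = a.scan(/\d+|[A-Za-z]+/)
  sb = b.scan(/\d+|[A-Za-z]+/)
  sa.zip(sb).each do |x, y|
    return 1 if y.nil?
    xn = x.match?(/\A\d+\z/)
    yn = y.match?(/\A\d+\z/)
    c = if xn && yn then x.to_i <=> y.to_i
        elsif xn != yn then (xn ? 1 : -1)
        else x <=> y
        end
    return c unless c.zero?
  end
  sa.length <=> sb.length
end

# True when the installed version-release is at or above the fixed one.
# Version is compared first; release only breaks a tie on version.
def fixed?(installed_vr, fixed_vr)
  iv, ir = installed_vr.split("-", 2)
  fv, fr = fixed_vr.split("-", 2)
  c = rpm_vercmp(iv, fv)
  c = rpm_vercmp(ir.to_s, fr.to_s) if c.zero?
  c >= 0
end

# Names of advisory packages that are installed below the fixed level.
# Packages not in FIXED_VR are ignored rather than reported.
def unfixed_packages(rpm_qa_output, fixed = FIXED_VR)
  rpm_qa_output.each_line.each_with_object([]) do |line, out|
    name, vr = parse_nvra(line)
    next unless name && fixed.key?(name)
    out << name unless fixed?(vr, fixed[name])
  end
end

if $PROGRAM_NAME == __FILE__
  missing = unfixed_packages(SAMPLE_RPM_QA)
  puts(missing.empty? ? "all advisory packages at fixed level" : "needs update: #{missing.join(', ')}")
end
```

Feed it the real output of rpm -qa 'ruby*' from each host and extend FIXED_VR with the remaining entries from the New Packages list for the architecture in use; a numeric comparison is needed because a plain string comparison would rank release 153 and 155 correctly but mis-order 3.0.10 against 3.0.4.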

New Packages:
aarch64:
    ruby-3.0.4-155.amzn2.0.1.aarch64
    ruby-devel-3.0.4-155.amzn2.0.1.aarch64
    ruby-libs-3.0.4-155.amzn2.0.1.aarch64
    rubygem-bigdecimal-3.0.0-155.amzn2.0.1.aarch64
    rubygem-io-console-0.5.7-155.amzn2.0.1.aarch64
    rubygem-json-2.5.1-155.amzn2.0.1.aarch64
    rubygem-psych-3.3.2-155.amzn2.0.1.aarch64
    ruby-debuginfo-3.0.4-155.amzn2.0.1.aarch64

noarch:
    rubygems-3.2.33-155.amzn2.0.1.noarch
    rubygems-devel-3.2.33-155.amzn2.0.1.noarch
    ruby-default-gems-3.0.4-155.amzn2.0.1.noarch
    rubygem-irb-1.3.5-155.amzn2.0.1.noarch
    rubygem-rdoc-6.3.3-155.amzn2.0.1.noarch
    ruby-doc-3.0.4-155.amzn2.0.1.noarch
    rubygem-bundler-2.2.33-155.amzn2.0.1.noarch
    rubygem-minitest-5.14.2-155.amzn2.0.1.noarch
    rubygem-power_assert-1.2.0-155.amzn2.0.1.noarch
    rubygem-rake-13.0.3-155.amzn2.0.1.noarch
    rubygem-rbs-1.4.0-155.amzn2.0.1.noarch
    rubygem-test-unit-3.3.7-155.amzn2.0.1.noarch
    rubygem-rexml-3.2.5-155.amzn2.0.1.noarch
    rubygem-rss-0.2.9-155.amzn2.0.1.noarch
    rubygem-typeprof-0.15.2-155.amzn2.0.1.noarch

src:
    ruby-3.0.4-155.amzn2.0.1.src

x86_64:
    ruby-3.0.4-155.amzn2.0.1.x86_64
    ruby-devel-3.0.4-155.amzn2.0.1.x86_64
    ruby-libs-3.0.4-155.amzn2.0.1.x86_64
    rubygem-bigdecimal-3.0.0-155.amzn2.0.1.x86_64
    rubygem-io-console-0.5.7-155.amzn2.0.1.x86_64
    rubygem-json-2.5.1-155.amzn2.0.1.x86_64
    rubygem-psych-3.3.2-155.amzn2.0.1.x86_64
    ruby-debuginfo-3.0.4-155.amzn2.0.1.x86_64