[SECURITY] [DLA 2996-1] mruby security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2996-1] mruby security update
From: Abhijith PA <abhijith@debian.org>
Date: Fri, 6 May 2022 13:53:30 +0530
Message-id: <[🔎] YnTbAhG+NinH29bs@disroot.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2996-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
May 06, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mruby
Version        : 1.2.0+20161228+git30d5424a-1+deb9u1
CVE ID         : CVE-2017-9527 CVE-2018-10191 CVE-2018-11743 CVE-2018-12249 
                 CVE-2018-14337 CVE-2020-15866

Multiple security issues were discovered in mruby, a lightweight 
implementation of the Ruby language 

CVE-2017-9527

    heap-based use-after-free vulnerability allows attackers to cause 
    a denial of service or possibly have unspecified other impact via 
    a crafted .rb file

CVE-2018-10191

    an integer overflow exists when handling OP_GETUPVAR in the 
    presence of deep scope nesting, resulting in a use-after-free. An 
    attacker that can cause Ruby code to be run can use this to 
    possibly execute arbitrary code

CVE-2018-11743

    uninitialized pointer which allows attackers to cause a denial of 
    service or possibly have unspecified other impact.

CVE-2018-12249

    There is a NULL pointer dereference in mrb_class_real because 
    "class BasicObject" is not properly supported in class.c.

CVE-2018-14337

    a signed integer overflow, possibly leading to out-of-bounds 
    memory access because the mrb_str_resize function in string.c does 
    not check for a negative length

CVE-2020-15866

    a heap-based buffer overflow in the mrb_yield_with_class function 
    in vm.c because of incorrect VM stack handling

For Debian 9 stretch, these problems have been fixed in version
1.2.0+20161228+git30d5424a-1+deb9u1.

We recommend that you upgrade your mruby packages.

For the detailed security status of mruby please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mruby

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmJ02wIACgkQhj1N8u2c
KO9D5Q/9HNnc1LRSZ7lJm8+yE+sN9Pd+58VprfzlSC5VQoxkRM0UBMUPrDzfLyTj
fs6rUn6tt78+XTorGj2nkB4REzEXVAcsdq09BZTs5kdQmYHxK1wSOcQKj6Dc5r34
jQcExVJvjWehqjKc7Y75OXIBCzzh7qBZnyDdM80Buaz1i4nSCpUCnFpcNLrlIhP5
AvYSuRyMBXTgPHY4XDvgBCMSuwq+Y5hf+6PWJXH/S/9g51lfvgz0dvhzR+zM2oQH
70CKeGVYhWugqpXFXlSFijeaDZAY2rBZCYvLvWistPSvNUVabrARaYNZPiAjGjYh
Z/k8tYKyV7pIv3sJft/8cMmK3hqQ9ZDrvPH0r9qBE0WfD/syexcpM2VHKSOQU+4n
nAWIo1TIp9vx5ob23vr+i/sg3CxRR5XeMLBrCGKsBqJBDnubRnJm/Zgm+euLgmDd
tCLOZG+KzNcf4Qtv5DlmpmKMFvbFRrEuYjPoQvKjykc/XqKnXel7VsW2yU4Qnr4l
5vOSBe1G2fXcJmYoPo1AB5LUBgYKygmEfX6WGXA9fdK5P3/JXBYUCo6c+AGTxEFZ
wcBKrc9f0LgwC65/mioAT02BRGQ4BjWeYbV38uX9f3KW8g+DnAaS7ao90ySMDu+d
lZEMt63HrehZxJheZMuqNdkHjeDiaLcZSjR15d460064SC2CbqM=
=b/x/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2995-1] smarty3 security update
Next by Date: [SECURITY] [DLA 2997-1] ecdsautils security update
Previous by thread: [SECURITY] [DLA 2995-1] smarty3 security update
Next by thread: [SECURITY] [DLA 2997-1] ecdsautils security update
Index(es):
- Date
- Thread