1833040 – CVE-2020-10933: Heap exposure vulnerability in the socket library

Bug 1833040 - CVE-2020-10933: Heap exposure vulnerability in the socket library

Summary: CVE-2020-10933: Heap exposure vulnerability in the socket library

Keywords:
Status:	CLOSED DUPLICATE of bug 1833293
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	ruby
Sub Component:
Version:	31
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Pavel Valena
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-05-07 17:15 UTC by Randy Barlow
Modified:	2020-05-11 08:01 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-05-11 08:01:01 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Randy Barlow 2020-05-07 17:15:48 UTC

See https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/

I see that Fedora 32 has 2.7.1, which has the fix. However, Fedora 30 and 31 both have 2.6.5, so they are both vulnerable.

Comment 1 Pavel Valena 2020-05-07 23:20:23 UTC

I'm working on those rebases.

Comment 2 Vít Ondruch 2020-05-11 08:01:01 UTC

Let's close this in favor of the official security tracking bug.

*** This bug has been marked as a duplicate of bug 1833293 ***

Note You need to log in before you can comment on or make changes to this bug.