{"id":"MGASA-2020-0285","summary":"Updated ruby packages fix security vulnerability","details":"Updated ruby packages fix security vulnerability:\n\nAn issue was discovered in Ruby through 2.5.7. If a victim calls\nBasicSocket#read_nonblock(requested_size, buffer, exception: false), the method\nresizes the buffer to fit the requested size, but no data is copied. Thus, the\nbuffer string provides the previous value of the heap. This may expose possibly\nsensitive data from the interpreter (CVE-2020-10933).\n","modified":"2026-04-16T04:43:26.519776580Z","published":"2020-07-07T13:47:37Z","upstream":["CVE-2020-10933"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0285.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26409"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-5-8-released/"}],"affected":[{"package":{"name":"ruby","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/ruby?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.8-21.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0285.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}