libmruby3_4_0-3.4.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16395 Final 1 1 2025-07-09T00:00:00Z current 2025-07-09T00:00:00Z 2025-07-09T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libmruby3_4_0-3.4.0-1.1 on GA media These are all security issues fixed in the libmruby3_4_0-3.4.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16395 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0623/ SUSE CVE CVE-2022-0623 page https://www.suse.com/security/cve/CVE-2022-0717/ SUSE CVE CVE-2022-0717 page https://www.suse.com/security/cve/CVE-2022-1276/ SUSE CVE CVE-2022-1276 page https://www.suse.com/security/cve/CVE-2025-7207/ SUSE CVE CVE-2025-7207 page openSUSE Tumbleweed libmruby3_4_0-3.4.0-1.1 libmruby_core3_4_0-3.4.0-1.1 mruby-3.4.0-1.1 mruby-devel-3.4.0-1.1 libmruby3_4_0-3.4.0-1.1 as a component of openSUSE Tumbleweed libmruby_core3_4_0-3.4.0-1.1 as a component of openSUSE Tumbleweed mruby-3.4.0-1.1 as a component of openSUSE Tumbleweed mruby-devel-3.4.0-1.1 as a component of openSUSE Tumbleweed Out-of-bounds Read in Homebrew mruby prior to 3.2. CVE-2022-0623 openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1 openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1 openSUSE Tumbleweed:mruby-3.4.0-1.1 openSUSE Tumbleweed:mruby-devel-3.4.0-1.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0623.html CVE-2022-0623 https://bugzilla.suse.com/1196106 SUSE Bug 1196106 Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. CVE-2022-0717 openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1 openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1 openSUSE Tumbleweed:mruby-3.4.0-1.1 openSUSE Tumbleweed:mruby-devel-3.4.0-1.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0717.html CVE-2022-0717 https://bugzilla.suse.com/1196366 SUSE Bug 1196366 Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. CVE-2022-1276 openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1 openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1 openSUSE Tumbleweed:mruby-3.4.0-1.1 openSUSE Tumbleweed:mruby-devel-3.4.0-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1276.html CVE-2022-1276 https://bugzilla.suse.com/1198288 SUSE Bug 1198288 A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue. CVE-2025-7207 openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1 openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1 openSUSE Tumbleweed:mruby-3.4.0-1.1 openSUSE Tumbleweed:mruby-devel-3.4.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-7207.html CVE-2025-7207 https://bugzilla.suse.com/1246138 SUSE Bug 1246138