https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/

The equality check of OpenSSL::X509::Name does not work correctly in the openssl extension library bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2018-16395.

Details

An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.

It is strongly recommended for Ruby users to upgrade your Ruby installation or take one of the following workarounds as soon as possible.

Affected Versions

Ruby 2.3 series: 2.3.7 and earlier
Ruby 2.4 series: 2.4.4 and earlier
Ruby 2.5 series: 2.5.1 and earlier
Ruby 2.6 series: 2.6.0-preview2 and earlier
current trunk and earlier

https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/

In Array#pack and String#unpack with some formats, the tainted flags of the original data are not propagated to the returned string/array. This vulnerability has been assigned the CVE identifier CVE-2018-16396.

Details

Array#pack method converts the receiver’s contents into a string with specified format. If the receiver contains some tainted objects, the returned string also should be tainted. String#unpack method which converts the receiver into an array also should propagate its tainted flag to the objects contained in the returned array. But, with B, b, H and h directives, the tainted flags are not propagated. So, if a script processes unreliable inputs by Array#pack and/or String#unpack with these directives and checks the reliability with tainted flags, the check might be wrong.

All users running an affected release should upgrade immediately.

Affected Versions

Ruby 2.3 series: 2.3.7 and earlier
Ruby 2.4 series: 2.4.4 and earlier
Ruby 2.5 series: 2.5.1 and earlier
Ruby 2.6 series: 2.6.0-preview2 and earlier
prior to trunk revision r65125
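A self-check for the CVE-2018-16395 condition quoted above, added here as an example; it is not code from the Ruby advisory or from this bug report. The sample names and the helpers `sample_names`, `same_name?`, `wrong_equalities` and `name_equality_sound?` are hypothetical and constructed for illustration.

```ruby
require 'openssl'

# Constructed sample data: LONG's CN starts with SHORT's CN, the shape the
# advisory describes (right-hand value starts with the receiver's value).
def sample_names
  short = OpenSSL::X509::Name.new([['C', 'JP'], ['CN', 'host.example']])
  long  = OpenSSL::X509::Name.new([['C', 'JP'], ['CN', 'host.example.test']])
  [short, long]
end

# Hypothetical helper: byte-exact comparison of the DER encodings, which does
# not go through Name#== at all. It is stricter than a semantic comparison:
# names differing only in letter case or string type count as different.
def same_name?(a, b)
  a.to_der == b.to_der
end

# Hypothetical self-check: run each built-in comparison on the prefix pair,
# in both directions, and return the ones that wrongly report equality.
def wrong_equalities
  short, long = sample_names
  checks = {
    'short == long'    => short == long,
    'long == short'    => long == short,
    'short.eql?(long)' => short.eql?(long),
    'long.eql?(short)' => long.eql?(short),
    'short.cmp(long)'  => short.cmp(long) == 0,
    'long.cmp(short)'  => long.cmp(short) == 0
  }
  checks.select { |_, reported_equal| reported_equal }.keys
end

# True when no built-in comparison treats the prefix pair as equal.
def name_equality_sound?
  wrong_equalities.empty?
end

if __FILE__ == $PROGRAM_NAME
  puts "Ruby #{RUBY_VERSION}, openssl #{OpenSSL::VERSION}"
  if name_equality_sound?
    puts 'OpenSSL::X509::Name comparison rejects the prefix pair'
  else
    puts "wrongly equal: #{wrong_equalities.join(', ')}"
  end
end
```

Run it with each installed Ruby slot to confirm the upgraded versions are the ones in use.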
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b36cedbaf5692a91b54f4716e3822d71cf89303

commit 3b36cedbaf5692a91b54f4716e3822d71cf89303
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2018-10-18 05:35:57 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2018-10-18 05:36:12 +0000

    dev-lang/ruby: add 2.4.5

    Bug: https://bugs.gentoo.org/668904
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 dev-lang/ruby/Manifest          |   1 +
 dev-lang/ruby/ruby-2.4.5.ebuild | 229 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 230 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e220eddf18fd68d86b911c75b1d4ef17e25d4cea

commit e220eddf18fd68d86b911c75b1d4ef17e25d4cea
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2018-10-19 05:34:00 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2018-10-19 05:34:00 +0000

    dev-lang/ruby: add 2.5.3

    Bug: https://bugs.gentoo.org/668904
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 dev-lang/ruby/Manifest          |   1 +
 dev-lang/ruby/ruby-2.5.3.ebuild | 224 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 225 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b65d79153da9e846568e86b9d9f9818a22fefba4

commit b65d79153da9e846568e86b9d9f9818a22fefba4
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2018-10-19 13:31:21 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2018-10-19 13:31:40 +0000

    dev-lang/ruby: add 2.3.8

    Bug: https://bugs.gentoo.org/668904
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 dev-lang/ruby/Manifest          |   2 +
 dev-lang/ruby/ruby-2.3.8.ebuild | 242 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 244 insertions(+)
amd64 stable
sparc stable
x86 stable
ppc/ppc64 stable
ia64 stable
arm stable
alpha stable
hppa stable
s390 stable
Cleanup done.
(In reply to Hans de Graaff from comment #13)
> Cleanup done.

Thanks, Hans!