[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4332-1 ruby2.3 -- ruby2.3

ID: oval:org.secpod.oval:def:53455Date: (C)2019-03-29   (M)2023-12-20
Class: PATCHFamily: unix




Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal. CVE-2018-16396 Chris Seaton discovered that tainted flags are not propagated in Array#pack and String#unpack with some directives.

Platform:
Linux Mint 3
Product:
ruby2.3
Reference:
DSA-4332-1
CVE-2018-16395
CVE-2018-16396
CVE    2
CVE-2018-16396
CVE-2018-16395
CPE    2
cpe:/a:ruby-lang:ruby2.3
cpe:/o:linux_mint:linux_mint:3

© SecPod Technologies