DSA-4332-1 ruby2.3 -- ruby2.3ID: oval:org.secpod.oval:def:603562 | Date: (C)2018-11-20 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal. CVE-2018-16396 Chris Seaton discovered that tainted flags are not propagated in Array#pack and String#unpack with some directives.
Product: |
libruby2.3 |
ruby2.3 |