FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- multiple vulnerabilities

Affected packages
2.3.0,1 <= ruby < 2.3.8,1
2.4.0,1 <= ruby < 2.4.5,1
2.5.0,1 <= ruby < 2.5.2,1

Details

VuXML ID afc60484-0652-440e-b01a-5ef814747f06
Discovery 2018-10-17
Entry 2018-10-20

Ruby news:

CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly

An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.

CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives

Array#pack method converts the receiver's contents into a string with specified format. If the receiver contains some tainted objects, the returned string also should be tainted. String#unpack method which converts the receiver into an array also should propagate its tainted flag to the objects contained in the returned array. But, with B, b, H and h directives, the tainted flags are not propagated. So, if a script processes unreliable inputs by Array#pack and/or String#unpack with these directives and checks the reliability with tainted flags, the check might be wrong.
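Added example, not part of the Ruby advisory or the VuXML entry: a regression check for the CVE-2018-16395 prefix behaviour of OpenSSL::X509::Name#==, together with a name comparison that does not depend on that method. The helper names `same_name?` and `prefix_equality_bug?` and the sample distinguished names are constructed for this illustration.

```ruby
require "openssl"

# Compare two distinguished names by their DER encoding instead of Name#==.
# This is a byte-exact comparison, so it is stricter than OpenSSL's own
# name matching (names differing only in case or string type are unequal).
def same_name?(a, b)
  a.to_der == b.to_der
end

# Returns true when this runtime's Name#== treats a name as equal to another
# whose entity value merely starts with the same characters, which is the
# behaviour described for CVE-2018-16395. Both directions are checked.
def prefix_equality_bug?
  # Constructed sample names: the second CN starts with the first CN.
  short = OpenSSL::X509::Name.parse("/C=JP/CN=service")
  long  = OpenSSL::X509::Name.parse("/C=JP/CN=service-extended")
  (short == long) || (long == short)
end

if __FILE__ == $0
  status = prefix_equality_bug? ? "AFFECTED: upgrade ruby" : "not affected"
  puts "ruby #{RUBY_VERSION}: OpenSSL::X509::Name#== #{status}"
end
```

Run it with the interpreter that the application uses; a result of "AFFECTED" means the installed ruby package falls in one of the ranges listed under "Affected packages".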

References

CVE Name CVE-2018-16395
CVE Name CVE-2018-16396
URL https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
URL https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
URL https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/