ruby-2.0.0.648-34.0.1.el7.AXS7
エラータID: AXSA:2019-3740:01
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
* ruby: OpenSSL::X509::Name equality check does not work correctly (CVE-2018-16395)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2018-16395
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
Update packages.
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
N/A
SRPMS
- ruby-2.0.0.648-34.0.1.el7.AXS7.src.rpm
MD5: 61861b7440c0401dcd3e2e9ff1d32361
SHA-256: 76dc73102b00ede75c31a09378388d3ccad7ddb82c5092c014f6cc03806a1f5f
Size: 10.20 MB
Asianux Server 7 for x86_64
- ruby-2.0.0.648-34.0.1.el7.AXS7.x86_64.rpm
MD5: 287a280dc2b214c204fcd49267f4bb9d
SHA-256: a3e1712724a76695d91e302ceb7023cb4a23d374678979916b9f41fff8a23ad2
Size: 70.20 kB - rubygem-bigdecimal-1.2.0-34.0.1.el7.AXS7.x86_64.rpm
MD5: 6bad3f9db05685cf4407ec33f9cd1aa9
SHA-256: 4d07f05a1ce80f9a9e6a4cfac3306538686e34e432b63363e5bb131f499b8fba
Size: 82.10 kB - rubygem-io-console-0.4.2-34.0.1.el7.AXS7.x86_64.rpm
MD5: 1603856a3ed5190bfc407bca5a184a24
SHA-256: 4ab4ec834e69715587d08c6bbfda64629300c72ab8a198ba69b47e0561c1afc0
Size: 53.17 kB - rubygem-json-1.7.7-34.0.1.el7.AXS7.x86_64.rpm
MD5: c8b78e9aa08d004b1a3adfc2dd79e7a1
SHA-256: 556b0e8b4234e6d05e9f8de51cfa735941970320c4742dea12f02a9c1da36a6a
Size: 78.70 kB - rubygem-psych-2.0.0-34.0.1.el7.AXS7.x86_64.rpm
MD5: d7890df91444fbfc3801154ce512831e
SHA-256: c7b85d3a62e682bf8bed181a7de8edda4eae3779c83b23f7532e5e0c1e5b71ad
Size: 81.59 kB - rubygem-rdoc-4.0.0-34.0.1.el7.AXS7.noarch.rpm
MD5: 5fb1bcb4848ecf80a9fc121f420a85d9
SHA-256: 5af69527d1a2ad2be1e413c63667157235da86e2018215f92f48fc0de906c6eb
Size: 320.95 kB - rubygems-2.0.14.1-34.0.1.el7.AXS7.noarch.rpm
MD5: 62a42e3a8159e06fac058b790cd96891
SHA-256: 7d3e10df243fe917ddd911248dc23b0c92237168dab55906f58b9122fc3d5ca0
Size: 218.51 kB - ruby-irb-2.0.0.648-34.0.1.el7.AXS7.noarch.rpm
MD5: e7b37202f5c314f99cc4ebc8e73ac0ed
SHA-256: 210e0ade478bc84adf54d64de8d3ee7d3d182024db68dfcc90d94b3284c4103b
Size: 91.22 kB - ruby-libs-2.0.0.648-34.0.1.el7.AXS7.x86_64.rpm
MD5: b977b1ad66de7067ad879a6e6791d40a
SHA-256: 9385ad52a49461a3fc5a25b963d192cab933a30ce06ca13cf80400e95d23ee20
Size: 2.80 MB - ruby-libs-2.0.0.648-34.0.1.el7.AXS7.i686.rpm
MD5: 0c0d44db3930ed9893c739d3dd77eaa2
SHA-256: 8c54546278197adf9e899167368bc65424efd2df265c5d185f77eb7b85c2df3b
Size: 2.83 MB