ruby-2.0.0.648-34.0.1.el7.AXS7
Errata ID: AXSA:2019-3740:01
Release date:
2019/03/22 Friday - 04:07
Title:
ruby-2.0.0.648-34.0.1.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
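The following items were addressed.
[Security Fix]
- The OpenSSL library in Ruby has an issue where, when two
OpenSSL::X509::Name objects are compared with ==, non-equal objects
may return true depending on the ordering. This can lead to the creation
of an illegitimate certificate that is accepted as legitimate and is then
used in signing or encryption operations.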
(CVE-2018-16395)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2018-16395
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
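A post-update check for the comparison flaw described above, as an added example that is not part of the original advisory or of the vendor's tooling: it builds constructed name pairs shaped like the two cases in the CVE text and reports whether == on the running Ruby still treats them as equal. The helper names and sample names are assumptions made for this example.

```ruby
require 'openssl'

# Constructed name pairs following the two cases in the CVE text,
# as [first argument, second argument]. Every pair is unequal by construction.
PROBE_PAIRS = [
  ['/CN=example.comx', '/CN=example.com'],    # first is one character longer
  ['/CN=b.example.com', '/CN=a.example.com']  # second has a character one less
].freeze

# Hypothetical helper: parse an OpenSSL-style slash-separated name string.
def parse_name(str)
  OpenSSL::X509::Name.parse(str)
end

# Strict equality that does not depend on Name#==: compare the DER encodings
# byte for byte. This is stricter than RFC 5280 name matching (no case
# folding or whitespace normalisation), so it can only reject more names.
def same_name?(a, b)
  a.to_der == b.to_der
end

# Returns the probe pairs for which == reports "equal" although the
# encodings differ. An empty result means the comparison behaves correctly.
def misreported_pairs
  PROBE_PAIRS.select do |first, second|
    a = parse_name(first)
    b = parse_name(second)
    (a == b) && !same_name?(a, b)
  end
end

def name_comparison_affected?
  !misreported_pairs.empty?
end

if __FILE__ == $PROGRAM_NAME
  if name_comparison_affected?
    puts "AFFECTED: == reports equal for #{misreported_pairs.inspect}"
  else
    puts 'OK: OpenSSL::X509::Name#== rejects all probe pairs'
  end
end
```

Run it with the system Ruby after installing the updated packages; code that must make trust decisions on names can use a DER comparison like `same_name?` instead of relying on ==.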
Additional information:
N/A
Downloads:
SRPMS
- ruby-2.0.0.648-34.0.1.el7.AXS7.src.rpm
MD5: 61861b7440c0401dcd3e2e9ff1d32361
SHA-256: 76dc73102b00ede75c31a09378388d3ccad7ddb82c5092c014f6cc03806a1f5f
Size: 10.20 MB
Asianux Server 7 for x86_64
- ruby-2.0.0.648-34.0.1.el7.AXS7.x86_64.rpm
MD5: 287a280dc2b214c204fcd49267f4bb9d
SHA-256: a3e1712724a76695d91e302ceb7023cb4a23d374678979916b9f41fff8a23ad2
Size: 70.20 kB
- rubygem-bigdecimal-1.2.0-34.0.1.el7.AXS7.x86_64.rpm
MD5: 6bad3f9db05685cf4407ec33f9cd1aa9
SHA-256: 4d07f05a1ce80f9a9e6a4cfac3306538686e34e432b63363e5bb131f499b8fba
Size: 82.10 kB
- rubygem-io-console-0.4.2-34.0.1.el7.AXS7.x86_64.rpm
MD5: 1603856a3ed5190bfc407bca5a184a24
SHA-256: 4ab4ec834e69715587d08c6bbfda64629300c72ab8a198ba69b47e0561c1afc0
Size: 53.17 kB
- rubygem-json-1.7.7-34.0.1.el7.AXS7.x86_64.rpm
MD5: c8b78e9aa08d004b1a3adfc2dd79e7a1
SHA-256: 556b0e8b4234e6d05e9f8de51cfa735941970320c4742dea12f02a9c1da36a6a
Size: 78.70 kB
- rubygem-psych-2.0.0-34.0.1.el7.AXS7.x86_64.rpm
MD5: d7890df91444fbfc3801154ce512831e
SHA-256: c7b85d3a62e682bf8bed181a7de8edda4eae3779c83b23f7532e5e0c1e5b71ad
Size: 81.59 kB
- rubygem-rdoc-4.0.0-34.0.1.el7.AXS7.noarch.rpm
MD5: 5fb1bcb4848ecf80a9fc121f420a85d9
SHA-256: 5af69527d1a2ad2be1e413c63667157235da86e2018215f92f48fc0de906c6eb
Size: 320.95 kB
- rubygems-2.0.14.1-34.0.1.el7.AXS7.noarch.rpm
MD5: 62a42e3a8159e06fac058b790cd96891
SHA-256: 7d3e10df243fe917ddd911248dc23b0c92237168dab55906f58b9122fc3d5ca0
Size: 218.51 kB
- ruby-irb-2.0.0.648-34.0.1.el7.AXS7.noarch.rpm
MD5: e7b37202f5c314f99cc4ebc8e73ac0ed
SHA-256: 210e0ade478bc84adf54d64de8d3ee7d3d182024db68dfcc90d94b3284c4103b
Size: 91.22 kB
- ruby-libs-2.0.0.648-34.0.1.el7.AXS7.x86_64.rpm
MD5: b977b1ad66de7067ad879a6e6791d40a
SHA-256: 9385ad52a49461a3fc5a25b963d192cab933a30ce06ca13cf80400e95d23ee20
Size: 2.80 MB
- ruby-libs-2.0.0.648-34.0.1.el7.AXS7.i686.rpm
MD5: 0c0d44db3930ed9893c739d3dd77eaa2
SHA-256: 8c54546278197adf9e899167368bc65424efd2df265c5d185f77eb7b85c2df3b
Size: 2.83 MB