FreeBSD : ruby -- multiple vulnerabilities (afc60484-0652-440e-b01a-5ef814747f06)
High Nessus Plugin ID 118247
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Ruby news :
CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.
CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives
Array#pack method converts the receiver's contents into a string with specified format. If the receiver contains some tainted objects, the returned string also should be tainted. String#unpack method which converts the receiver into an array also should propagate its tainted flag to the objects contained in the returned array. But, with B, b, H and h directives, the tainted flags are not propagated. So, if a script processes unreliable inputs by Array#pack and/or String#unpack with these directives and checks the reliability with tainted flags, the check might be wrong.
Solution
Update the affected packages.