Debian — Security Information — DSA-4332-1 ruby2.3
Several vulnerabilities have been discovered in the interpreter for the
Ruby language. The Common Vulnerabilities and Exposures project
identifies the following problems:
Tyler Eckstein reported that the equality check of
OpenSSL::X509::Name could return true for non-equal objects. If a
malicious X.509 certificate is passed for comparison with an existing
certificate, the two may be incorrectly judged to be equal.
Chris Seaton discovered that tainted flags are not propagated in
Array#pack and String#unpack with some directives.
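The following Ruby code is an added example, not part of the advisory or of Ruby itself. It shows a defensive alternative to the OpenSSL::X509::Name equality check described above: compare names by their DER encoding, and flag any pair that the built-in check reports as equal while the encodings differ. The helper names and the sample distinguished names are constructed for illustration.

```ruby
require "openssl"

# Strict comparison: two names match only if their DER encodings are
# byte-for-byte identical. This is stricter than Name#==, so it may reject
# names that differ only in letter case or string type, never the reverse.
def same_name_der?(a, b)
  a.to_der == b.to_der
end

# Returns the pairs that Name#== or Name#eql? reports as equal although
# their encodings differ. For names that differ in substance, as the
# samples below do, an empty result is expected on a fixed interpreter.
def suspicious_equalities(pairs)
  pairs.select do |a, b|
    !same_name_der?(a, b) && (a == b || b == a || a.eql?(b) || b.eql?(a))
  end
end

# Hypothetical helper: build a name from an RFC 2253 string.
def parse(dn)
  OpenSSL::X509::Name.parse_rfc2253(dn)
end

# Constructed sample names (not taken from the advisory). Each pair
# differs in one attribute value or in the number of attributes.
SAMPLE_PAIRS = [
  ["CN=ca.example.test,O=Example,C=DE", "CN=ca.example.test,O=Example,C=FR"],
  ["CN=ca.example.test,O=Example,C=DE", "CN=ca.example.test.invalid,O=Example,C=DE"],
  ["CN=a,O=Example", "CN=a,O=Example,C=DE"],
].map { |left, right| [parse(left), parse(right)] }

if $PROGRAM_NAME == __FILE__
  flagged = suspicious_equalities(SAMPLE_PAIRS)
  if flagged.empty?
    puts "OK: Name#== agrees with DER comparison on all sample pairs"
  else
    flagged.each { |a, b| puts "MISMATCH: #{a} == #{b} but encodings differ" }
    exit 1
  end
end
```

A non-empty result on names that differ in substance indicates an interpreter that still needs the upgrade recommended below.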
For the stable distribution (stretch), these problems have been fixed in
We recommend that you upgrade your ruby2.3 packages.
For the detailed security status of ruby2.3 please refer to its security
tracker page at: