Bug 1643086 (CVE-2018-16395)
| Summary: | CVE-2018-16395 ruby: OpenSSL::X509::Name equality check does not work correctly | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abhgupta, bkearney, bmcclain, cbillett, dbaker, dblechte, dfediuck, eedri, hhorak, jaruga, jokerman, jorton, mgoldboi, michal.skrivanek, mo, mtasaka, pvalena, ruby-maint, sbonazzo, sherold, s, sthangav, strzibny, tomckay, trankin, vanmeeuwen+fedora, vondruch, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-11-30 09:34:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1643091, 1643092, 1643627, 1643628, 1643629, 1643630, 1643631, 1643632, 1643633, 1643634, 1643635, 1719433, 1719434 | ||
| Bug Blocks: | 1643090 | ||
|
Description
Andrej Nemec
2018-10-25 13:35:45 UTC
Created ruby tracking bugs for this issue: Affects: fedora-all [bug 1643091] Upstream Hackerone Report: https://hackerone.com/reports/387250 Statement: Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. Red Hat Virtualization includes a vulnerable version of ruby, however the affected functionality is not used in Red Hat Virtualization or any of its dependencies. A future update may address this issue. This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3729 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3730 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2018:3731 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3738 https://access.redhat.com/errata/RHSA-2018:3738 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1948 https://access.redhat.com/errata/RHSA-2019:1948 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:2565 https://access.redhat.com/errata/RHSA-2019:2565 |