2 matches found
CVE-2018-16395
The CVE describes a bug in Ruby’s OpenSSL X509::Name equality check. Affected Ruby/OpenSSL versions are 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared, depending on ordering, non-equal names may compar...
CVE-2016-7798
CVE-2016-7798 affects the Ruby OpenSSL gem. The issue is incorrect handling of the IV in GCM mode when the IV is set before the key, enabling context-dependent attackers to bypass encryption protection. The connected advisories indicate fixed/upgraded versions in various distributions (e....