Ruby OpenSSL CVE-2018-16395 Certificate Validation Security Bypass Vulnerability

Bugtraq ID:	105952
Class:	Design Error
CVE:	CVE-2018-16395
Remote:	Yes
Local:	No
Published:	Oct 17 2018 12:00AM
Updated:	Oct 17 2018 12:00AM
Credit:	Tyler Eckstein
Vulnerable:	Ruby-Lang Ruby 2.4.3 Ruby-Lang Ruby 2.4.2 Ruby-Lang Ruby 2.4.1 Ruby-Lang Ruby 2.3.6 Ruby-Lang Ruby 2.3.5 Ruby-Lang Ruby 2.3.4 Ruby-Lang Ruby 2.3 Ruby-Lang Ruby 2.6.0-preview1 Ruby-Lang Ruby 2.5.1 Ruby-Lang Ruby 2.5.0 Ruby-Lang Ruby 2.4.4 Ruby-Lang Ruby 2.4.0 Ruby-Lang Ruby 2.3.7 Ruby-Lang openssl 0
Not Vulnerable:	Ruby-Lang Ruby 2.6.0-preview3 Ruby-Lang Ruby 2.5.2 Ruby-Lang Ruby 2.4.5 Ruby-Lang Ruby 2.3.8

Ruby OpenSSL CVE-2018-16395 Certificate Validation Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.