Wind River Support Network

HomeDefectsLIN7-7502

Fixed

LIN7-7502 : Security Advisory - ruby - CVE-2016-7798

Created: Feb 9, 2017 Updated: Sep 8, 2018

Resolved Date: Feb 20, 2017

Found In Version: 7.0.0.22

Fix Version: 7.0.0.23

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7798

Other Downloads

Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2016-7798