CVE-2018-16395: OpenSSL::X509::Name equality check does not work
correctly
An instance of OpenSSL::X509::Name contains entities such as CN, C and
so on. Some two instances of OpenSSL::X509::Name are equal only when
all entities are exactly equal. However, there is a bug that the
equality check is not correct if the value of an entity of the
argument (right-hand side) starts with the value of the receiver
(left-hand side). So, if a malicious X.509 certificate is passed to
compare with an existing certificate, there is a possibility to be
judged incorrectly that they are equal.
CVE-2018-16396: Tainted flags are not propagated in Array#pack and
String#unpack with some directives
Array#pack method converts the receiver's contents into a string with
specified format. If the receiver contains some tainted objects, the
returned string also should be tainted. String#unpack method which
converts the receiver into an array also should propagate its tainted
flag to the objects contained in the returned array. But, with B, b, H
and h directives, the tainted flags are not propagated. So, if a script
processes unreliable inputs by Array#pack and/or String#unpack with
these directives and checks the reliability with tainted flags, the
check might be wrong.