Nome do pacote
ruby
Data
2013-07-26
ID Alerta
MDVSA-2013:201
Versões afetadas
MBS1 x86_64

Descrição do problema

A vulnerability has been discovered and corrected in ruby:

A flaw was found in Ruby's SSL client's hostname identity check
when handling certificates that contain hostnames with NULL
bytes. An attacker could potentially exploit this flaw to conduct
man-in-the-middle attacks to spoof SSL servers. Note that to exploit
this issue, an attacker would need to obtain a carefully-crafted
certificate signed by an authority that the client trusts
(CVE-2013-4073).

The updated packages have been patched to correct this issue.

Pacotes atualizados

MBS1 x86_64

 058283c98b01a2fdba4f472fdfcba5cf  mbs1/x86_64/ruby-1.8.7.p358-2.2.mbs1.x86_64.rpm
 59f0c4870555c0d62bb9075289e78932  mbs1/x86_64/ruby-devel-1.8.7.p358-2.2.mbs1.x86_64.rpm
 a332f7937de158d24ffbe1fbb73fa1b3  mbs1/x86_64/ruby-doc-1.8.7.p358-2.2.mbs1.noarch.rpm
 1dd591b903a7d79b0795e687fab8ff31  mbs1/x86_64/ruby-tk-1.8.7.p358-2.2.mbs1.x86_64.rpm 
 aa8a688288b3170c1d91ef1f014d9b67  mbs1/SRPMS/ruby-1.8.7.p358-2.2.mbs1.src.rpm

Referências