Description
ELSA-2007-0965: Moderate: ruby security update (MODERATE)
[1.8.5-5.el5_1.1]
- security fix for CVE-2007-5162 and CVE-2007-5770
- ruby-1.8.5-CVE-2007-5162.patch: fix the issue of insufficient verification of SSL certificates. (#320331)
- Fix the multilib regression issue.
[1.8.5-5]
- security fix release.
- ruby-1.8.5-cgi-CVE-2006-6303.patch: fix an infinite loop with certain HTTP requests. (#218290)
Updated packages
Oracle Linux 5
Oracle Linux x86_64
ruby        1.8.5-5.el5_1.1
ruby-devel  1.8.5-5.el5_1.1
ruby-docs   1.8.5-5.el5_1.1
ruby-irb    1.8.5-5.el5_1.1
ruby-libs   1.8.5-5.el5_1.1
ruby-mode   1.8.5-5.el5_1.1
ruby-rdoc   1.8.5-5.el5_1.1
ruby-ri     1.8.5-5.el5_1.1
ruby-tcltk  1.8.5-5.el5_1.1
Oracle Linux i386
ruby        1.8.5-5.el5_1.1
ruby-devel  1.8.5-5.el5_1.1
ruby-docs   1.8.5-5.el5_1.1
ruby-irb    1.8.5-5.el5_1.1
ruby-libs   1.8.5-5.el5_1.1
ruby-mode   1.8.5-5.el5_1.1
ruby-rdoc   1.8.5-5.el5_1.1
ruby-ri     1.8.5-5.el5_1.1
ruby-tcltk  1.8.5-5.el5_1.1
Related CVEs
Related vulnerabilities
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
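The check that both descriptions above say was missing, as an added example (not part of the advisory and not the code of the Ruby patch): after the handshake, the client compares the host name it requested against the identity in the server certificate and refuses the connection on a mismatch. The certificate, the host names and the helper names are constructed for this illustration.

```ruby
require 'openssl'

# Constructed sample: a self-signed certificate whose subject CN is the
# given (hypothetical) host name, with no subjectAltName extension.
def build_sample_cert(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# True only when the certificate identity (subjectAltName, or the CN when
# no subjectAltName is present) covers the host the client asked for.
def identity_matches?(cert, requested_host)
  OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

# Hypothetical helper: the step a client performs before sending any
# application data. On a live OpenSSL::SSL::SSLSocket the equivalent call
# is ssl_socket.post_connection_check(requested_host).
def check_peer!(cert, requested_host)
  return :ok if identity_matches?(cert, requested_host)
  raise OpenSSL::SSL::SSLError,
        "hostname #{requested_host} does not match certificate #{cert.subject}"
end

if __FILE__ == $0
  cert = build_sample_cert('mail.example.test')
  %w[mail.example.test other.example.test].each do |host|
    begin
      puts "#{host}: #{check_peer!(cert, host)}"
    rescue OpenSSL::SSL::SSLError => e
      puts "#{host}: rejected (#{e.message})"
    end
  end
end
```

Chain validation (`OpenSSL::SSL::VERIFY_PEER`) is a separate step: a certificate can chain to a trusted CA and still belong to a different host, which is why the name comparison is needed as well.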