Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Update for ruby RHSA-2013:1090-01
Summary:The remote host is missing an update for the 'ruby'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'ruby'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to do system management tasks.

A flaw was found in Ruby's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. An attacker
could potentially exploit this flaw to conduct man-in-the-middle attacks to
spoof SSL servers. Note that to exploit this issue, an attacker would need
to obtain a carefully-crafted certificate signed by an authority that the
client trusts. (CVE-2013-4073)

All users of Ruby are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.

Affected Software/OS:
ruby on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4073
Debian Security Information: DSA-2738 (Google Search)
Debian Security Information: DSA-2809 (Google Search)
RedHat Security Advisories: RHSA-2013:1090
RedHat Security Advisories: RHSA-2013:1103
RedHat Security Advisories: RHSA-2013:1137
SuSE Security Announcement: openSUSE-SU-2013:1181 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:1186 (Google Search)
CopyrightCopyright (c) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.