|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for ruby RHSA-2013:1090-01|
|Summary:||The remote host is missing an update for the 'ruby' package(s) announced via the referenced advisory.|
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to do system management tasks.
A flaw was found in Ruby's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. An attacker
could potentially exploit this flaw to conduct man-in-the-middle attacks to
spoof SSL servers. Note that to exploit this issue, an attacker would need
to obtain a carefully-crafted certificate signed by an authority that the
client trusts. (CVE-2013-4073)
All users of Ruby are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.
ruby on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Please install the updated packages.
Common Vulnerability Exposure (CVE) ID: CVE-2013-4073
Debian Security Information: DSA-2738
Debian Security Information: DSA-2809
RedHat Security Advisories: RHSA-2013:1090
RedHat Security Advisories: RHSA-2013:1103
RedHat Security Advisories: RHSA-2013:1137
SuSE Security Announcement: openSUSE-SU-2013:1181
SuSE Security Announcement: openSUSE-SU-2013:1186
|Copyright||Copyright (c) 2014 Greenbone Networks GmbH|