[USN-596-1] Ruby vulnerabilities
Ubuntu Security Notice USN-596-1 March 26, 2008 ruby1.8 vulnerabilities CVE-2007-5162, CVE-2007-5770Kwetsbare Ubuntu versies:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
- Ubuntu 6.06 LTS
- libopenssl-ruby1.8 1.8.4-1ubuntu1.4
libruby1.8 1.8.4-1ubuntu1.4 - Ubuntu 6.10
- libopenssl-ruby1.8 1.8.4-5ubuntu1.3
libruby1.8 1.8.4-5ubuntu1.3 - Ubuntu 7.10
- libopenssl-ruby1.8 1.8.6.36-1ubuntu3.1
libruby1.8 1.8.6.36-1ubuntu3.1 - Ubuntu 7.04
- libopenssl-ruby1.8 1.8.5-4ubuntu2.1
libruby1.8 1.8.5-4ubuntu2.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby applications. (CVE-2007-5162) It was discovered that Ruby's FTPTLS, telnets, and IMAPS modules did not check the commonName when performing SSL certificate checks. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to eavesdrop on encrypted communications from Ruby applications using these protocols. (CVE-2007-5770)
Ubuntero van de maand - Mei 2008 - Laacque
01-05-2008
Ooievaar brengt “Ruige Reiger”!
24-04-2008
Hardy Release Parties 2008
15-04-2008
Ubuntu demonstratie 19 april a.s. in Apeldoorn
10-04-2008
Ubuntero van de maand - April 2008 - Eendje
02-04-2008
Onverwachte downtime
01-04-2008
Nu ook chatten via de ubuntu NL website
30-03-2008
Ubuntero van de maand - Maart 2008 - profoX
01-03-2008
Ubuntero van de maand - Februari 2008 - Gandyman
03-02-2008
Ubuntero van de maand - Januari 2008
03-01-2008
Lees het nieuws via RSS