The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


FLEA-2007-0068-1 ruby


<< Previous INDEX Search src / Print Next >>
Date: Sun, 11 Nov 2007 20:08:53 -0900
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@foresightlinux.org.>
To: [email protected]
Subject: FLEA-2007-0068-1 ruby
Message-ID: <4737dfe5.JvlUNcXipuqnh/vA%[email protected]>
User-Agent: Heirloom mailx 12.2 01/07/07
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0068-1
Published: 2007-11-11

Rating: Minor

Updated Versions:
    ruby=/conary.rpath.com@rpl:devel//1/1.8.6_p110-1-0.1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.1-0.2-3

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5162

Description:
    Previous versions of the ruby package include a library, Net::HTTPS, which
    does not properly verify the CN (common name) field in ssl certificates,
    making it easier to perform a man-in-the-middle attack.

    It is believed that Foresight Linux does not include any programs which
    rely on this feature of the Net::HTTPS library, and so is not affected by
    default.

- ---


Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iQIVAwUBRzffzNfwEn07iAtZAQLx/g/8DQHUZnmhYJCYAgiUQsN5PGTbBEWpZdN4
VxaCBPxhZL378cl4r/eBc4+CH/nni+dOlea/MVRMhKYxtERt5LnM79fa2ur2uIdk
Vt8QKACYe52OltlPw3kAgdDeVVlWZnyYl2V9Py+dMgwRdrcWiyv0RAuc8FQYUc7w
z2ROUIyPXlVU0a2/LTvkIyQigfugQVSlRtmTqVDZIeAYn1W4u8u8nw3MjcX4Vz+H
78IEB82yxuTzKBwj+tXldZmb4iecVYiAFYddPQNjcYMEZBPaysQCp9dE/aPE3Odq
ncKBqNTsnbWJxICLlxMFx0O/iF/dBHQVgd5KhXcdgQZPIPzc7FdJW3AjNv4YSIcW
V3CTt8WHbUDn1b9XKHMQ0sCOkOsrPgWwuJk2POYjfJWAvY8HcSid0RTbBylEsNIj
D0aVRY7ykhn36xTmRtrCqlIJZ6vBCWgnhMKdTZ16dcN2YzyzapflQZ0AD1D0p3xQ
OWjVMgotP8ZNotNsVLctigyC836Bpqu2XrKFY5lSvRcrS8TcHr/JeSwSdnEjjwTO
8Mai0QNYYa3cULXpRQSFbt8q1A3UZ3QZMGE+EvUAhYTsxRAnPgAjsS31v/qLIfe7
SIzIJwIHLrZTk/SMz6bFC9BjJ1ybUR1RA47pCmNOkVjQaudttqRJiLq1TtXh/I/Q
V1w0i/aDmGc=
=Dd9Q
-----END PGP SIGNATURE-----


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру