Mandriva Update For Ruby MDVSA-2008:029 (ruby) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet, Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a possible man-in-the-middle attack, when using SSL, due to a missing check of the CN (common name) attribute in SSL certificates against the server's hostname. The updated packages have been patched to prevent the issue.

Affected

ruby on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-5770, CVE-2008-5162
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:046 (dia)
Mandrake Security Advisory MDVSA-2009:125 (wireshark)
Mandrake Security Advisory MDVSA-2009:105 (memcached)
Mandrake Security Advisory MDVSA-2009:051 (libpng)
Mandrake Security Advisory MDVSA-2009:192 (phpmyadmin)

Mandriva Update for ruby MDVSA-2008:029 (ruby)

Take action and discover your vulnerabilities