CentOS Update For Ruby CESA-2013:1090 Centos6 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073) All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.

Affected

ruby on CentOS 6

References

http://lists.centos.org/pipermail/centos-announce/2013-July/019862.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4073

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1625 (expat)
CentOS Security Advisory CESA-2009:0057 (squirrelmail)
CentOS Security Advisory CESA-2009:1490 (squirrelmail)
CentOS Security Advisory CESA-2009:1082 (cups)
CentOS Security Advisory CESA-2009:1541 (kernel)

CentOS Update for ruby CESA-2013:1090 centos6

Take action and discover your vulnerabilities