Solution
Install the updated packages.
Insight
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to do system management tasks.
A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073)
All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
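The failure class described above, as an added example that is not code from Ruby or from the vendor patch: a simplified model of a hostname check that stops reading a certificate name at the first NUL byte, beside a strict check that treats the whole byte string as the name. The function names and the sample names (including the placeholder domain `attacker.test`) are assumptions constructed for illustration.

```ruby
# Added example: simplified model of the failure class, NOT Ruby's OpenSSL code.
# All function names are hypothetical; all sample names are constructed.

CONTROL_BYTES = /[\x00-\x1f\x7f]/

# Models a matcher that handles the certificate name like a C string:
# everything after the first NUL byte is silently ignored.
def naive_match?(cert_name, hostname)
  visible = cert_name.split("\0", 2).first.to_s
  visible.casecmp?(hostname)
end

# Strict matcher: the full byte string is the name. A name carrying a NUL
# (or any other control byte) is invalid and can never match a hostname.
def strict_match?(cert_name, hostname)
  return false if cert_name.match?(CONTROL_BYTES)
  return false if hostname.match?(CONTROL_BYTES)
  cert_name.casecmp?(hostname)
end

# Audit helper: list the names from a certificate that embed a NUL byte,
# for example when reviewing certificates seen by a client or proxy.
def suspicious_names(names)
  names.select { |name| name.include?("\0") }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed names as they might be read from a certificate.
  names = ["www.example.com", "www.example.com\0.attacker.test"]
  names.each do |name|
    puts format("%-40s naive=%-5s strict=%s",
                name.inspect,
                naive_match?(name, "www.example.com"),
                strict_match?(name, "www.example.com"))
  end
  puts "flagged: #{suspicious_names(names).inspect}"
end
```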
Affected
ruby on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-4073
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P