LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Moderate: ruby security update
Advisory ID:       SLSA-2013:1090-1
Issue Date:        2013-07-17
CVE Numbers:       CVE-2013-4073
--

A flaw was found in Ruby's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. An attacker
could potentially exploit this flaw to conduct man-in-the-middle attacks
to spoof SSL servers. Note that to exploit this issue, an attacker would
need to obtain a carefully-crafted certificate signed by an authority that
the client trusts. (CVE-2013-4073)
--

SL5
  x86_64
    ruby-1.8.5-31.el5_9.x86_64.rpm
    ruby-rdoc-1.8.5-31.el5_9.x86_64.rpm
    ruby-devel-1.8.5-31.el5_9.x86_64.rpm
    ruby-ri-1.8.5-31.el5_9.x86_64.rpm
    ruby-tcltk-1.8.5-31.el5_9.x86_64.rpm
    ruby-docs-1.8.5-31.el5_9.x86_64.rpm
    ruby-irb-1.8.5-31.el5_9.x86_64.rpm
    ruby-devel-1.8.5-31.el5_9.i386.rpm
    ruby-libs-1.8.5-31.el5_9.x86_64.rpm
    ruby-mode-1.8.5-31.el5_9.x86_64.rpm
    ruby-libs-1.8.5-31.el5_9.i386.rpm
    ruby-debuginfo-1.8.5-31.el5_9.i386.rpm
    ruby-debuginfo-1.8.5-31.el5_9.x86_64.rpm
  i386
    ruby-mode-1.8.5-31.el5_9.i386.rpm
    ruby-libs-1.8.5-31.el5_9.i386.rpm
    ruby-tcltk-1.8.5-31.el5_9.i386.rpm
    ruby-irb-1.8.5-31.el5_9.i386.rpm
    ruby-docs-1.8.5-31.el5_9.i386.rpm
    ruby-devel-1.8.5-31.el5_9.i386.rpm
    ruby-ri-1.8.5-31.el5_9.i386.rpm
    ruby-rdoc-1.8.5-31.el5_9.i386.rpm
    ruby-1.8.5-31.el5_9.i386.rpm
    ruby-debuginfo-1.8.5-31.el5_9.i386.rpm
  srpm
    ruby-1.8.5-31.el5_9.src.rpm
  noarch
    ruby-debuginfo-1.8.5-31.el5_9.i386.rpm
    ruby-debuginfo-1.8.5-31.el5_9.x86_64.rpm
SL6
  x86_64
    ruby-devel-1.8.7.352-12.el6_4.i686.rpm
    ruby-libs-1.8.7.352-12.el6_4.x86_64.rpm
    ruby-devel-1.8.7.352-12.el6_4.x86_64.rpm
    ruby-rdoc-1.8.7.352-12.el6_4.x86_64.rpm
    ruby-libs-1.8.7.352-12.el6_4.i686.rpm
    ruby-ri-1.8.7.352-12.el6_4.x86_64.rpm
    ruby-1.8.7.352-12.el6_4.x86_64.rpm
    ruby-irb-1.8.7.352-12.el6_4.x86_64.rpm
    ruby-tcltk-1.8.7.352-12.el6_4.x86_64.rpm
    ruby-docs-1.8.7.352-12.el6_4.x86_64.rpm
    ruby-static-1.8.7.352-12.el6_4.x86_64.rpm
    ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
    ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm
  srpm
    ruby-1.8.7.352-12.el6_4.src.rpm
  i386
    ruby-docs-1.8.7.352-12.el6_4.i686.rpm
    ruby-devel-1.8.7.352-12.el6_4.i686.rpm
    ruby-libs-1.8.7.352-12.el6_4.i686.rpm
    ruby-rdoc-1.8.7.352-12.el6_4.i686.rpm
    ruby-ri-1.8.7.352-12.el6_4.i686.rpm
    ruby-1.8.7.352-12.el6_4.i686.rpm
    ruby-tcltk-1.8.7.352-12.el6_4.i686.rpm
    ruby-static-1.8.7.352-12.el6_4.i686.rpm
    ruby-irb-1.8.7.352-12.el6_4.i686.rpm
    ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
  noarch
    ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm
    ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm

- Scientific Linux Development Team