<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:029
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ruby
 Date    : January 31, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet,
 Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a
 possible man-in-the-middle attack, when using SSL, due to a missing
 check of the CN (common name) attribute in SSL certificates against
 the server's hostname.
 
 The updated packages have been patched to prevent the issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5162
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5770
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 7d6503b580cadab905ac3ef4fde32495  2007.0/i586/ruby-1.8.5-2.3mdv2007.0.i586.rpm
 03f626e55f2da3d50e4af6a625f2d981  
2007.0/i586/ruby-devel-1.8.5-2.3mdv2007.0.i586.rpm
 a286449f58ebbb35ef96b104e8148394  
2007.0/i586/ruby-doc-1.8.5-2.3mdv2007.0.i586.rpm
 8124af6a429b10089ef3671f36285f81  
2007.0/i586/ruby-tk-1.8.5-2.3mdv2007.0.i586.rpm 
 c542b49863e6407a3563e4bcf9207fbc  2007.0/SRPMS/ruby-1.8.5-2.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 1488eb95c352a23961ad3729108aab31  
2007.0/x86_64/ruby-1.8.5-2.3mdv2007.0.x86_64.rpm
 729771da6e301b5c7b5754f95c85e478  
2007.0/x86_64/ruby-devel-1.8.5-2.3mdv2007.0.x86_64.rpm
 69827a0c924ffd3da5e084ea04e36fef  
2007.0/x86_64/ruby-doc-1.8.5-2.3mdv2007.0.x86_64.rpm
 cb12889526c54ed686c327c137f1320c  
2007.0/x86_64/ruby-tk-1.8.5-2.3mdv2007.0.x86_64.rpm 
 c542b49863e6407a3563e4bcf9207fbc  2007.0/SRPMS/ruby-1.8.5-2.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 615468da1639248f8c60d7a8ef575d1b  2007.1/i586/ruby-1.8.5-5.1mdv2007.1.i586.rpm
 cda9083dd1e1df7c4a49db1e0ec20008  
2007.1/i586/ruby-devel-1.8.5-5.1mdv2007.1.i586.rpm
 0268152c83d14133ac35cc7ee52cf60a  
2007.1/i586/ruby-doc-1.8.5-5.1mdv2007.1.i586.rpm
 c1c580dfddc099a2af9c61b33b9f0a2f  
2007.1/i586/ruby-tk-1.8.5-5.1mdv2007.1.i586.rpm 
 3d221074342e5f457373ab1aff977a96  2007.1/SRPMS/ruby-1.8.5-5.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 89de1e6816cc708d5401200405be508f  
2007.1/x86_64/ruby-1.8.5-5.1mdv2007.1.x86_64.rpm
 4e0003bc558584d6f95716d8818388ce  
2007.1/x86_64/ruby-devel-1.8.5-5.1mdv2007.1.x86_64.rpm
 87a5495beeb8138292aab40ce099b07b  
2007.1/x86_64/ruby-doc-1.8.5-5.1mdv2007.1.x86_64.rpm
 128ce81eeb4168cb915696f76d15c448  
2007.1/x86_64/ruby-tk-1.8.5-5.1mdv2007.1.x86_64.rpm 
 3d221074342e5f457373ab1aff977a96  2007.1/SRPMS/ruby-1.8.5-5.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 279f855dd2f179827968d9c9a6ee60ee  2008.0/i586/ruby-1.8.6-5.1mdv2008.0.i586.rpm
 454911b3e84a0de35e9905eadeba6852  
2008.0/i586/ruby-devel-1.8.6-5.1mdv2008.0.i586.rpm
 0bdf3776e48c584eb05db2d96675957b  
2008.0/i586/ruby-doc-1.8.6-5.1mdv2008.0.i586.rpm
 7a857b992180398881e396cb802d0274  
2008.0/i586/ruby-tk-1.8.6-5.1mdv2008.0.i586.rpm 
 c5f286aee44c6d309fd12248d68856dc  2008.0/SRPMS/ruby-1.8.6-5.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 05e24b17c69c26e10cf48c4f83c095f9  
2008.0/x86_64/ruby-1.8.6-5.1mdv2008.0.x86_64.rpm
 c7bb81a0ef557c621016a8c5468d9022  
2008.0/x86_64/ruby-devel-1.8.6-5.1mdv2008.0.x86_64.rpm
 e550ae1cb99aa67711acb5d6c6af64ac  
2008.0/x86_64/ruby-doc-1.8.6-5.1mdv2008.0.x86_64.rpm
 a8981603df024791c9e1d273717ce5f9  
2008.0/x86_64/ruby-tk-1.8.6-5.1mdv2008.0.x86_64.rpm 
 c5f286aee44c6d309fd12248d68856dc  2008.0/SRPMS/ruby-1.8.6-5.1mdv2008.0.src.rpm

 Corporate 3.0:
 bd239b9b3ed6a8fd456f42a399bc79f8  
corporate/3.0/i586/ruby-1.8.1-1.9.C30mdk.i586.rpm
 585ed391895ecc23a09ea55ed7bc0a8c  
corporate/3.0/i586/ruby-devel-1.8.1-1.9.C30mdk.i586.rpm
 c5d6ef08a414db182d937426c6aeecd3  
corporate/3.0/i586/ruby-doc-1.8.1-1.9.C30mdk.i586.rpm
 c87e858fede1106544bb925d594f1964  
corporate/3.0/i586/ruby-tk-1.8.1-1.9.C30mdk.i586.rpm 
 b53c77b5e98f20209db9b932b8a4734d  
corporate/3.0/SRPMS/ruby-1.8.1-1.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6487b1d817b08f91074961f6c42a136a  
corporate/3.0/x86_64/ruby-1.8.1-1.9.C30mdk.x86_64.rpm
 0277376e6ef0897fd024b5e9ec9a8a06  
corporate/3.0/x86_64/ruby-devel-1.8.1-1.9.C30mdk.x86_64.rpm
 6ee5839e1af2c82da8ef604f83601e21  
corporate/3.0/x86_64/ruby-doc-1.8.1-1.9.C30mdk.x86_64.rpm
 89ecdfcd225bc24a1437e0f09e513ba9  
corporate/3.0/x86_64/ruby-tk-1.8.1-1.9.C30mdk.x86_64.rpm 
 b53c77b5e98f20209db9b932b8a4734d  
corporate/3.0/SRPMS/ruby-1.8.1-1.9.C30mdk.src.rpm

 Corporate 4.0:
 311e14d160453952e4cc0e91599185d3  
corporate/4.0/i586/ruby-1.8.2-7.6.20060mlcs4.i586.rpm
 3857b0d6eff2a26f606aa2701819a470  
corporate/4.0/i586/ruby-devel-1.8.2-7.6.20060mlcs4.i586.rpm
 9f845778ef2cfc4089a787f8f971fba6  
corporate/4.0/i586/ruby-doc-1.8.2-7.6.20060mlcs4.i586.rpm
 f4712a52ee18d33bd17f19c5ee5b83ae  
corporate/4.0/i586/ruby-tk-1.8.2-7.6.20060mlcs4.i586.rpm 
 b0fbb9a741865d6a378336797b72a971  
corporate/4.0/SRPMS/ruby-1.8.2-7.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6ecf49a09a4ab595cd6ff04912a5370a  
corporate/4.0/x86_64/ruby-1.8.2-7.6.20060mlcs4.x86_64.rpm
 821ad33b361e6c5918f530b6778b3cbe  
corporate/4.0/x86_64/ruby-devel-1.8.2-7.6.20060mlcs4.x86_64.rpm
 1b2bbb2e933e7a2d16d997de3989e8dd  
corporate/4.0/x86_64/ruby-doc-1.8.2-7.6.20060mlcs4.x86_64.rpm
 e2837b0b88730df0bc25474bcd47e7df  
corporate/4.0/x86_64/ruby-tk-1.8.2-7.6.20060mlcs4.x86_64.rpm 
 b0fbb9a741865d6a378336797b72a971  
corporate/4.0/SRPMS/ruby-1.8.2-7.6.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHoVEDmqjQ0CJFipgRApWRAKCpvtRx3iwu7kfBHy0oa1SEEr8/OACfbk5V
GOLYVR7cWoNtorl6m1S9p28=
=QfTa
-----END PGP SIGNATURE-----