advisories/10637.adv

type: security
subject: Updated ruby packages fix CVE-2013-4073
CVE:
 - CVE-2013-4073
src:
  2:
   core:
     - ruby-1.8.7.p358-1.3.mga2
  3:
   core:
     - ruby-1.9.3.p448-1.mga3
     - ruby-linecache19-0.5.13-5.1.mga3
     - ruby-ruby-debug-base19-0.11.26-5.1.mga3
description: |
  A vulnerability in Ruby’s SSL client that could allow man-in-the-middle
  attackers to spoof SSL servers via valid certificate issued by a trusted
  certification authority (CVE-2013-4073).
references:
 - http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
 - http://www.ubuntu.com/usn/usn-1902-1/
 - https://bugs.mageia.org/show_bug.cgi?id=10637
ID: MGASA-2013-0229
1	type: security
2	subject: Updated ruby packages fix CVE-2013-4073
3	CVE:
4	- CVE-2013-4073
5	src:
6	2:
7	core:
8	- ruby-1.8.7.p358-1.3.mga2
9	3:
10	core:
11	- ruby-1.9.3.p448-1.mga3
12	- ruby-linecache19-0.5.13-5.1.mga3
13	- ruby-ruby-debug-base19-0.11.26-5.1.mga3
14	description: \|
15	A vulnerability in Ruby’s SSL client that could allow man-in-the-middle
16	attackers to spoof SSL servers via valid certificate issued by a trusted
17	certification authority (CVE-2013-4073).
18	references:
19	- http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
20	- http://www.ubuntu.com/usn/usn-1902-1/
21	- https://bugs.mageia.org/show_bug.cgi?id=10637
22	ID: MGASA-2013-0229