Oval Definition:oval:com.redhat.rhsa:def:20070965
Revision Date:2008-03-20Version:636
Title:RHSA-2007:0965: ruby security update (Moderate)
Description:Ruby is an interpreted scripting language for object-oriented programming.

  • An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770)

    Users of Ruby should upgrade to these updated packages, which contain a backported patch to resolve these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-5162
    CVE-2007-5770
    RHSA-2007:0965
    RHSA-2007:0965-01
    RHSA-2007:0965-01
    Platform(s):Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • ruby is earlier than 0:1.8.5-5.el5_1.1
  • AND ruby is signed with Red Hat redhatrelease2 key
  • ruby-devel is earlier than 0:1.8.5-5.el5_1.1
  • AND ruby-devel is signed with Red Hat redhatrelease2 key
  • ruby-docs is earlier than 0:1.8.5-5.el5_1.1
  • AND ruby-docs is signed with Red Hat redhatrelease2 key
  • ruby-irb is earlier than 0:1.8.5-5.el5_1.1
  • AND ruby-irb is signed with Red Hat redhatrelease2 key
  • ruby-libs is earlier than 0:1.8.5-5.el5_1.1
  • AND ruby-libs is signed with Red Hat redhatrelease2 key
  • ruby-mode is earlier than 0:1.8.5-5.el5_1.1
  • AND ruby-mode is signed with Red Hat redhatrelease2 key
  • ruby-rdoc is earlier than 0:1.8.5-5.el5_1.1
  • AND ruby-rdoc is signed with Red Hat redhatrelease2 key
  • ruby-ri is earlier than 0:1.8.5-5.el5_1.1
  • AND ruby-ri is signed with Red Hat redhatrelease2 key
  • ruby-tcltk is earlier than 0:1.8.5-5.el5_1.1
  • AND ruby-tcltk is signed with Red Hat redhatrelease2 key
    • BACK