Oval Definition:oval:org.mitre.oval:def:21946
Revision Date:2014-05-26Version:20
Title:ELSA-2007:0965: ruby security update (Moderate)
Description:The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2007-5162
CVE-2007-5770
ELSA-2007:0965-01
Platform(s):Oracle Linux 5
Product(s):ruby
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • ruby-docs is earlier than 0:1.8.5-5.el5_1.1
  • OR ruby-ri is earlier than 0:1.8.5-5.el5_1.1
  • OR ruby-mode is earlier than 0:1.8.5-5.el5_1.1
  • OR ruby-libs is earlier than 0:1.8.5-5.el5_1.1
  • OR ruby-tcltk is earlier than 0:1.8.5-5.el5_1.1
  • OR ruby-irb is earlier than 0:1.8.5-5.el5_1.1
  • OR ruby-rdoc is earlier than 0:1.8.5-5.el5_1.1
  • OR ruby is earlier than 0:1.8.5-5.el5_1.1
  • OR ruby-devel is earlier than 0:1.8.5-5.el5_1.1
    • BACK