Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Ruby Update for SSL Vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Ruby Update for SSL Vulnerability

An update has been released for the SSL vulnerability reported in Ruby.  From the site: "All Ruby versions are affected".  The Ruby update also contains a patch for a DOS vulnerability; check out the details here.

Tony

150 Posts
ISC Handler
- https://secunia.com/advisories/54011/
Release Date: 2013-06-28
Where: From remote
Impact: Spoofing
Solution Status: Vendor Patch
CVE Reference: CVE-2013-4073
Solution: Update to version Ruby 1.8.7-p374, 1.9.3-p448, or 2.0.0-p247.
Original Advisory: Ruby:
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!