Ruby Update for SSL Vulnerability

Published: 2013-06-27
Last Updated: 2013-06-27 16:57:11 UTC
by Tony Carothers (Version: 1)
1 comment(s)

An update has been released for the SSL vulnerability reported in Ruby.  From the site: "All Ruby versions are affected".  The Ruby update also contains a patch for a DOS vulnerability; check out the details here.

Keywords: Ruby on Rails
1 comment(s)

Comments

- https://secunia.com/advisories/54011/
Release Date: 2013-06-28
Where: From remote
Impact: Spoofing
Solution Status: Vendor Patch
CVE Reference: CVE-2013-4073
Solution: Update to version Ruby 1.8.7-p374, 1.9.3-p448, or 2.0.0-p247.
Original Advisory: Ruby:
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
.

Diary Archives