LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LK2008: The values of the Linux community

LWN.net Weekly Edition for October 9, 2008

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

ruby: insufficient SSL certificate validation

Package(s):ruby CVE #(s):CVE-2007-5162 CVE-2007-5770
Created:October 8, 2007 Updated:October 10, 2008
Description: The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
Alerts:
Fedora FEDORA-2008-6094 2008-07-04
Fedora FEDORA-2008-6033 2008-07-03
Ubuntu USN-596-1 2008-03-26
Fedora FEDORA-2008-2443 2008-03-13
Fedora FEDORA-2008-2458 2008-03-13
Mandriva MDVSA-2008:029 2007-01-31
Debian DSA-1411-1 2007-11-24
SuSE SUSE-SR:2007:024 2007-11-22
Debian DSA-1412-1 2007-11-24
Debian DSA-1410-1 2007-11-24
Red Hat RHSA-2007:0961-01 2007-11-13
Red Hat RHSA-2007:0965-01 2007-11-13
Foresight FLEA-2007-0068-1 2007-11-11
Fedora FEDORA-2007-2812 2007-11-06
Fedora FEDORA-2007-738 2007-11-05
Fedora FEDORA-2007-2685 2007-10-29
Fedora FEDORA-2007-2406 2007-10-08
Fedora FEDORA-2007-718 2007-10-08
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds