Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5162 It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. CVE-2007-5770 It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. The old stable distribution (sarge) doesn't contain ruby1.9 packages. For the stable distribution (etch) these problems have been fixed in version 1.9.0+20060609-1etch1. Updated packages for hppa and sparc will be provided later. We recommend that you upgrade your ruby1.9 packages.
Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:
It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
The old stable distribution (sarge) doesn't contain ruby1.9 packages.
For the stable distribution (etch) these problems have been fixed in version 1.9.0+20060609-1etch4. Updated packages for hppa and sparc will be provided later.
We recommend that you upgrade your ruby1.9 packages.
MD5 checksums of the listed files are available in the original advisory.