Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5162 It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. CVE-2007-5770 It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. For the old stable distribution (sarge) these problems have been fixed in version 1.8.2-7sarge6. Packages for sparc will be provided later. For the stable distribution (etch) these problems have been fixed in version 1.8.5-4etch1. Packages for sparc will be provided later. We recommend that you upgrade your ruby1.8 packages.
Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:
It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
For the old stable distribution (sarge) these problems have been fixed in version 1.8.2-7sarge6. Packages for sparc will be provided later.
For the stable distribution (etch) these problems have been fixed in version 1.8.5-4etch4. Packages for sparc will be provided later.
We recommend that you upgrade your ruby1.8 packages.
MD5 checksums of the listed files are available in the original advisory.