Several security issues were fixed in Ruby ...
It was discovered that the Ruby OpenSSL extension, part of the interpreter
for the Ruby language, did not properly implement hostname matching, in
violation of RFC 6125 This could allow remote attackers to perform a
man-in-the-middle attack via crafted SSL certificates
For the stable distribution (jessie), this problem has been fixed in
version 2 ...
It was discovered that the Ruby OpenSSL extension, part of the interpreter
for the Ruby language, did not properly implement hostname matching, in
violation of RFC 6125 This could allow remote attackers to perform a
man-in-the-middle attack via crafted SSL certificates
For the oldstable distribution (wheezy), this problem has been fixed
in versio ...
It was discovered that the Ruby OpenSSL extension, part of the interpreter
for the Ruby language, did not properly implement hostname matching, in
violation of RFC 6125 This could allow remote attackers to perform a
man-in-the-middle attack via crafted SSL certificates
For the oldstable distribution (wheezy), this problem has been fixed
in versio ...
Impact:
Moderate
Public Date:
2015-03-30
CWE:
CWE-297
Bugzilla:
1209981:
CVE-2015-1855 ruby: OpenSSL ex ...
As discussed in <a href="wwwruby-langorg/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/">an upstream announcement</a>, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 ...
As discussed in <a href="wwwruby-langorg/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/">an upstream announcement</a>, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 ...
As discussed in <a href="wwwruby-langorg/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/">an upstream announcement</a>, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 ...
As discussed in <a href="wwwruby-langorg/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/">an upstream announcement</a>, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 ...
As discussed in <a href="wwwruby-langorg/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/">an upstream announcement</a>, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492 ...