MDVSA-2009:325 -- Mandriva rubyID: oval:org.secpod.oval:def:300585 | Date: (C)2012-01-07 (M)2023-08-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities was discovered and corrected in ruby: ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate . The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type . Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.
Platform: |
Mandriva Linux 2008.0 |