MDVSA-2008:029 -- Mandriva rubyID: oval:org.secpod.oval:def:301337 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet, Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a possible man-in-the-middle attack, when using SSL, due to a missing check of the CN attribute in SSL certificates against the server"s hostname. The updated packages have been patched to prevent the issue.
Platform: |
Mandriva Linux 2007.0 |
Mandriva Linux 2007.1 |
Mandriva Linux 2008.0 |