Medium: rubygems

2012-05-21T16:48:00
ID ALAS-2012-079
Type amazon
Reporter Amazon
Modified 2012-05-21T16:48:00

Description

Issue Overview:

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
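The redirect policy that closes this class of bug, as an added example (not RubyGems' own code or its patch): once a fetch starts on HTTPS, any redirect hop to a non-HTTPS URL is refused. The function and class names, the host names and the response table are hypothetical and constructed for illustration; the table stands in for the network so the example runs offline.

```ruby
require 'uri'

# Raised when a redirect would move an HTTPS fetch onto plain HTTP.
class InsecureRedirect < StandardError; end

MAX_REDIRECTS = 5

# Follows redirects starting at start_url and returns the final URI.
# `responses` is a constructed Hash standing in for the network:
#   url string => [status code, Location header or nil]
def resolve_redirects(start_url, responses, limit = MAX_REDIRECTS)
  current = URI.parse(start_url)
  secure_origin = current.scheme == 'https'

  limit.times do
    status, location = responses.fetch(current.to_s) { [200, nil] }
    return current unless (300..399).cover?(status) && location

    # Location may be relative; resolve it against the current URL.
    target = URI.join(current.to_s, location)

    # Once the chain has started on HTTPS, every hop must stay on HTTPS.
    if secure_origin && target.scheme != 'https'
      raise InsecureRedirect, "refusing downgrade: #{current} -> #{target}"
    end
    current = target
  end
  raise ArgumentError, "more than #{limit} redirects"
end

# Constructed sample data (hypothetical hosts, not from the advisory).
SAMPLE = {
  'https://gems.example.test/gems/foo-1.0.gem' => [302, '/mirror/foo-1.0.gem'],
  'https://gems.example.test/mirror/foo-1.0.gem' => [302, 'https://cdn.example.test/foo-1.0.gem'],
  'https://gems.example.test/gems/bar-1.0.gem' => [302, 'http://cdn.example.test/bar-1.0.gem']
}.freeze
```

The check is made on every hop rather than only on the first response, so a downgrade hidden behind an HTTPS-to-HTTPS redirect is also rejected.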

Affected Packages:

rubygems

Issue Correction:
Run yum update rubygems to update your system.

New Packages:

noarch:  
    rubygems-devel-1.8.11-3.1.amzn1.noarch  
    rubygems-1.8.11-3.1.amzn1.noarch

src:  
    rubygems-1.8.11-3.1.amzn1.src