CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.001 Low (Percentile: 48.7%)

Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to do system management tasks.

A flaw was found in Ruby’s SSL client’s hostname identity check when
handling certificates that contain hostnames with NULL bytes. An attacker
could potentially exploit this flaw to conduct man-in-the-middle attacks to
spoof SSL servers. Note that to exploit this issue, an attacker would need
to obtain a carefully-crafted certificate signed by an authority that the
client trusts. (CVE-2013-4073)

All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to
these updated packages, which resolve this issue.

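
The failure mode described above, as an added example that is not Red Hat's or the Ruby project's code: a name comparison that stops at the first NUL byte (modeled here as an assumption) beside a length-aware check that rejects such names. All function names and sample names are hypothetical and constructed.

```ruby
# Added illustration; the names below are hypothetical and this is not
# the code of Ruby's OpenSSL extension.

# Models a comparison that treats the certificate name as a C string:
# everything after the first NUL byte is ignored (assumed behaviour).
def truncating_match?(cert_name, hostname)
  visible = cert_name.split("\0", 2).first.to_s
  visible.casecmp?(hostname) == true
end

# Length-aware check: a name carrying NUL, another control byte,
# whitespace or non-ASCII data is never a valid DNS name, so it is
# rejected before any comparison takes place.
def strict_match?(cert_name, hostname)
  return false if cert_name.empty?
  return false unless cert_name.ascii_only?
  return false if cert_name =~ /[\x00-\x20\x7f]/
  cert_name.casecmp?(hostname) == true
end

# Returns the certificate names a review or monitoring job should flag.
def suspicious_names(cert_names)
  cert_names.select { |name| name.include?("\0") }
end

# Constructed sample names (not taken from any real certificate).
SAMPLE_NAMES = [
  "www.example.com",
  "www.example.com\0.untrusted.test"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_NAMES.each do |name|
    puts format("%-40s truncating=%-5s strict=%s",
                name.inspect,
                truncating_match?(name, "www.example.com"),
                strict_match?(name, "www.example.com"))
  end
end
```

The second sample name passes the truncating comparison but fails the strict one, which is the difference the identity check has to enforce.
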
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | ruby193-ruby-devel | < 1.9.3.448-38.el6 | ruby193-ruby-devel-1.9.3.448-38.el6.x86_64.rpm |
RedHat | 6 | x86_64 | ruby193-rubygem-io-console | < 0.3-38.el6 | ruby193-rubygem-io-console-0.3-38.el6.x86_64.rpm |
RedHat | 6 | x86_64 | ruby193-ruby | < 1.9.3.448-38.el6 | ruby193-ruby-1.9.3.448-38.el6.x86_64.rpm |
RedHat | 6 | noarch | ruby193-rubygems-devel | < 1.8.23-38.el6 | ruby193-rubygems-devel-1.8.23-38.el6.noarch.rpm |
RedHat | 6 | noarch | ruby193-rubygem-rake | < 0.9.2.2-38.el6 | ruby193-rubygem-rake-0.9.2.2-38.el6.noarch.rpm |
RedHat | 6 | x86_64 | ruby193-ruby-debuginfo | < 1.9.3.448-38.el6 | ruby193-ruby-debuginfo-1.9.3.448-38.el6.x86_64.rpm |
RedHat | 6 | x86_64 | ruby193-ruby-libs | < 1.9.3.448-38.el6 | ruby193-ruby-libs-1.9.3.448-38.el6.x86_64.rpm |
RedHat | 6 | x86_64 | ruby193-rubygem-bigdecimal | < 1.1.0-38.el6 | ruby193-rubygem-bigdecimal-1.1.0-38.el6.x86_64.rpm |
RedHat | 6 | x86_64 | ruby193-rubygem-json | < 1.5.5-38.el6 | ruby193-rubygem-json-1.5.5-38.el6.x86_64.rpm |
RedHat | 6 | x86_64 | ruby193-ruby-tcltk | < 1.9.3.448-38.el6 | ruby193-ruby-tcltk-1.9.3.448-38.el6.x86_64.rpm |