(RHSA-2015:1657) Important: rh-ruby22-ruby security update

ID RHSA-2015:1657
Type redhat
Reporter RedHat
Modified 2017-08-04T09:10:23


Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks.

A flaw was found in the way RubyGems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain. (CVE-2015-3900)

All rh-ruby22-ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running instances of Ruby need to be restarted for this update to take effect.
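
The kind of check the flaw description calls for, shown as an added example (this is not RubyGems source and not the backported patch): a hostname learned from a DNS SRV record is used only if it is the requested host or a subdomain of it, compared on whole DNS labels. The function names and the `.test` hostnames are constructed for illustration, and accepting an exact match is an assumption of this sketch.

```ruby
# Added illustration; names are hypothetical, hostnames are constructed.

# Normalise a DNS name for comparison: trim, lower-case, and drop the
# trailing root dot that SRV targets commonly carry.
def normalize_host(name)
  name.to_s.strip.downcase.chomp(".")
end

# True only when the SRV target is the requested host itself or sits
# beneath it. The leading "." in the suffix forces a label boundary, so
# "evilgems.example.test" does not pass for "gems.example.test".
def srv_target_trusted?(requested_host, srv_target)
  host   = normalize_host(requested_host)
  target = normalize_host(srv_target)
  return false if host.empty? || target.empty?

  target == host || target.end_with?(".#{host}")
end

# Endpoint a client should contact: the SRV target when it is trusted,
# otherwise the host the user originally asked for.
def select_api_endpoint(requested_host, srv_target)
  if srv_target_trusted?(requested_host, srv_target)
    normalize_host(srv_target)
  else
    normalize_host(requested_host)
  end
end

if __FILE__ == $PROGRAM_NAME
  requested = "gems.example.test" # constructed sample host
  [
    "api.gems.example.test.",          # subdomain with root dot
    "evilgems.example.test",           # shares a suffix, not a label boundary
    "gems.example.test.attacker.test", # requested host used as a prefix
    "mirror.attacker.test"             # unrelated domain
  ].each do |target|
    puts format("%-34s -> %s", target, select_api_endpoint(requested, target))
  end
end
```
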