SUSE CVE-2012-2126

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

Oracle: Security Advisory (ELSA-2013-1441)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Solaris Third-Party Patch Update : rubygems (cve_2012_2125_https_to)

The remote Solaris system is missing necessary patches to address security updates : - RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. CVE-2012-2125 - RubyGems...

Scientific Linux Security Update : rubygems on SL6.x (noarch) (20131017)

It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. CVE-2012-2126 It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the...

RHEL 6 : rubygems (RHSA-2013:1441)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:1441 advisory. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections...

Moderate: Red Hat Security Advisory: rubygems security update

An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

CVE-2012-2126

CVE-2012-2126 affects RubyGems prior to 1.8.23, where SSL certificate verification is not performed, enabling an attacker to perform a MITM attack to modify a gem during installation. Public references indicate the issue is addressed by upgrading RubyGems (e.g., to 1.8.23 or later) in affected en...

Ubuntu: Security Advisory (USN-1583-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-1582-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1583-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. CVE-2011-1005 John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates...

USN-1582-1: RubyGems vulnerabilities

John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. CVE-2012-2126 John Firebaugh discovered that the RubyGems remot...

Ubuntu 12.04 LTS : rubygems vulnerabilities (USN-1582-1)

John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. CVE-2012-2126 John Firebaugh discovered that the RubyGems remot...

Fedora Update for rubygems FEDORA-2012-6409

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora 17 : rubygems-1.8.23-20.fc17 (2012-6132)

New version 1.8.23 is released. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...