French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Fedora Security Update Fixes Ruby Net::HTTPS Security Bypass Issue

Title : Fedora Security Update Fixes Ruby Net::HTTPS Security Bypass Issue
Advisory ID : FrSIRT/ADV-2007-3738
CVE ID : CVE-2007-5162
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-06

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Fedora, which could be exploited to conduct spoofing attacks [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

272c8d04e8fba8be7542d79fce330187cbe45b29 SRPMS/ruby-1.8.5.114-1.fc6.src.rpm
272c8d04e8fba8be7542d79fce330187cbe45b29 noarch/ruby-1.8.5.114-1.fc6.src.rpm
3d51df08cd96e830a9c943f4a41ef70341eeca81 ppc/ruby-devel-1.8.5.114-1.fc6.ppc.rpm
925370893cdc5cf8d196e872374de95f6f20037a ppc/ruby-libs-1.8.5.114-1.fc6.ppc.rpm
18a8a577c911948235fa8596e1dfc1f11b427dc5 ppc/ruby-irb-1.8.5.114-1.fc6.ppc.rpm
7273074d6b536d02313aa45b1d85c856f82af785 ppc/debug/ruby-debuginfo-1.8.5.114-1.fc6.ppc.rpm
aeef872ef772901417d399fa8fc16416c610004d ppc/ruby-1.8.5.114-1.fc6.ppc.rpm
3804a3aa555f93847a61c80929031c422bd5dc30 ppc/ruby-mode-1.8.5.114-1.fc6.ppc.rpm
0cce98a830b69b3b6d697c5972000a2e07c607d8 ppc/ruby-ri-1.8.5.114-1.fc6.ppc.rpm
af385b20de1dbf74c716049af4e7f92744b22ecc ppc/ruby-rdoc-1.8.5.114-1.fc6.ppc.rpm
b6d8d98bc690db4f3313ec06f01b4aa0cc38cb49 ppc/ruby-tcltk-1.8.5.114-1.fc6.ppc.rpm
c84361a7967113e08270ae94829aa04f3a473b88 ppc/ruby-docs-1.8.5.114-1.fc6.ppc.rpm
d440fba2ed99bea5b21c06682c2e30570543dcbf x86_64/ruby-docs-1.8.5.114-1.fc6.x86_64.rpm
30a902f04cb23d013dfe97ce9c454b5114865462 x86_64/ruby-rdoc-1.8.5.114-1.fc6.x86_64.rpm
e25e47b8a8694c44f0ebe5b09a8c496de93dc399 x86_64/ruby-irb-1.8.5.114-1.fc6.x86_64.rpm
2a6227ec05376063bd6647fa1a20963bab74f509 x86_64/ruby-1.8.5.114-1.fc6.x86_64.rpm
6adc7d68671c4d557e47c66598ed990340d6d753 x86_64/ruby-tcltk-1.8.5.114-1.fc6.x86_64.rpm
940575ee9a14bedb2dec84a1c10ec0e665c6996b x86_64/ruby-mode-1.8.5.114-1.fc6.x86_64.rpm
d87f873b54bf62c81bf8f5b049a0e52eac3439fb x86_64/debug/ruby-debuginfo-1.8.5.114-1.fc6.x86_64.rpm
d2b0b8c9b672ffe087052505e4e679bf77c6b135 x86_64/ruby-ri-1.8.5.114-1.fc6.x86_64.rpm
ec40345d9e55bb0ae0412190576b5735eefdcc0d x86_64/ruby-devel-1.8.5.114-1.fc6.x86_64.rpm
3f634fee60a6082ccad4f30dce6db19179666881 x86_64/ruby-libs-1.8.5.114-1.fc6.x86_64.rpm
6f14520526efdeda798a8558b9420b11ff9aede9 i386/ruby-rdoc-1.8.5.114-1.fc6.i386.rpm
aceebb0e309c4ceb11f59773e17a11296a1cfa31 i386/debug/ruby-debuginfo-1.8.5.114-1.fc6.i386.rpm
61e432b5a57383600318f2464b14ce6a0eb5a4fc i386/ruby-ri-1.8.5.114-1.fc6.i386.rpm
2a93441c0e7a51f48ee10fd884ca482d2ebffc7b i386/ruby-docs-1.8.5.114-1.fc6.i386.rpm
7683b5d518253649e1273721cf67fa29c672fb68 i386/ruby-1.8.5.114-1.fc6.i386.rpm
64922a997af8c6dbf72fef57bd84e6b574941ac7 i386/ruby-tcltk-1.8.5.114-1.fc6.i386.rpm
01f7e8797c89b5b756ec25a868bb2af0436d8f24 i386/ruby-libs-1.8.5.114-1.fc6.i386.rpm
0914f60a8036cf58295bc30d7f7ff50329a72e92 i386/ruby-mode-1.8.5.114-1.fc6.i386.rpm
83391e1e744985e18ddc5b70fb7e652374500361 i386/ruby-devel-1.8.5.114-1.fc6.i386.rpm
13c84ab5628ae09e90f74df64d2541f7d2e0e093 i386/ruby-irb-1.8.5.114-1.fc6.i386.rpm

ChangeLog

2007-11-06 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities

Apple Xcode Code Execution and Information Disclosure Vulnerabilities

Apple TV Data Processing Remote Code Execution Vulnerabilities

Apple Mac OS X Command Execution and Security Bypass Issues

Apple Safari for Mac OS X Remote Code Execution Vulnerability

Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities

Cisco Secure ACS EAP Remote Denial Of Service Vulnerability

Cisco Products Remote DNS Cache Poisoning Vulnerability

Cisco Wide Area Application Services CUPS Remote Vulnerability

Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities

Cisco Intrusion Prevention System Jumbo Frame Vulnerability

Cisco VPN Client Deterministic Network Enhancer Privilege Escalation

Microsoft Visual Studio "Msmask32" Code Execution Vulnerability

Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)

Microsoft Windows Messenger Data Disclosure (MS08-050)

Microsoft Windows Event System Code Execution (MS08-049)

Microsoft Outlook and Mail Security Bypass Vulnerability (MS08-048)

Microsoft Windows IPsec Policy Data Disclosure Vulnerability (MS08-047)

Microsoft Windows MSCMS Code Execution Vulnerability (MS08-046)

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy