drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in Ruby
Name: |
Mangelnde Prüfung von Zertifikaten in Ruby |
|
ID: |
USN-1902-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 |
|
Datum: |
Di, 9. Juli 2013, 22:35 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073 |
|
Applikationen: |
Ruby |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============7522338090432961060== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigAEC0874D323C5D6EEB712763"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigAEC0874D323C5D6EEB712763 Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1902-1 July 09, 2013
ruby1.8, ruby1.9.1 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS
Summary:
An attacker could trick Ruby into trusting a rogue server.
Software Description: - ruby1.8: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language
Details:
William (B.J.) Snow Orvis discovered that Ruby incorrectly verified the hostname in SSL certificates. An attacker could trick Ruby into trusting a rogue server certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04: libruby1.8 1.8.7.358-7ubuntu1.1 libruby1.9.1 1.9.3.194-8.1ubuntu1.1 ruby1.8 1.8.7.358-7ubuntu1.1 ruby1.9.1 1.9.3.194-8.1ubuntu1.1
Ubuntu 12.10: libruby1.8 1.8.7.358-4ubuntu0.3 libruby1.9.1 1.9.3.194-1ubuntu1.5 ruby1.8 1.8.7.358-4ubuntu0.3 ruby1.9.1 1.9.3.194-1ubuntu1.5
Ubuntu 12.04 LTS: libruby1.8 1.8.7.352-2ubuntu1.3 libruby1.9.1 1.9.3.0-1ubuntu2.7 ruby1.8 1.8.7.352-2ubuntu1.3 ruby1.9.1 1.9.3.0-1ubuntu2.7
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1902-1 CVE-2013-4073
Package Information: https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu1.1 https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu1.1 https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.3 https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.5 https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.3 https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.7
--------------enigAEC0874D323C5D6EEB712763 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJR3CoFAAoJEGVp2FWnRL6Tn0QP/2ImHi53ZCKtcR6Y4w8Hl+nd j/k2fqzZ7cEycQOJDWyAR3VtGYkPGWz+QLiby2oBg1fU6aiqYjY/976MgX54dwxs NyVecMwq/18DCamC7f8QYqLcfSwJi62IFUfowQ2hdmwZAcmBb7npSZaXSQlBt9o2 OC22BaWLYc0P+VhexmtquM2ZEwx74BG7vCkRCmnGlp4P2ahhDN3zCowGvquY2qYh lZA45aCi6BAbbxcOyTgugegxwVTr4S/0WeuaJUkkEW/I86nd8Au3jMcEvuelyCop /ZRETxwOiR69VHyvcCoYRjvHlVTHaxmpHkxZiYvwVgxlKM8NUACnWBAhVBKvCyFJ 3DoS/nPSs03TFCKPwWURN6H1OGJK0kIUFMe+nz0DMivBJ2yJqafxPmk3YBM7HhIO cfd2TaC6eHVQDkOwrWTONz3pcXU8YFpVcK4BS5iIvKOEz1r0RqDYBTui8a5ujdt9 ZXA/1PNdqheNXBnGxii/IxJBb/5YlwX88Y0IJnp6KtqJPQwWrLrdMrX0P5OcFJ6q UV2Hq6zc4BjJz65+U1sRzlCcq8TJ/gARCkwx6K3/iZFSvhVQ4IqpuX84yNnQzxS3 EwS5iR+0naD0sRvvK6m0MzCUdgKpNEngNQp2Fo8MZFEQLDZniWMUpsXyGjWccnlz YPHZEH6H/C7iMjCvl5pU =hESE -----END PGP SIGNATURE-----
--------------enigAEC0874D323C5D6EEB712763--
--===============7522338090432961060== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7522338090432961060==--
|
|
|
|