1. Home
  2. Security Advisories
  3. Fedora
  4. FEDORA-2013-12062

[FEDORA-2013-12062] Fedora 17: ruby

Severity Medium
Affected Packages 1
CVEs 6
Info Packages References Vulnerabilities

A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority.

This vulnerability has been assigned the CVE identifier CVE-2013-4073.

This new update should solve this issue.

Package Affected Version
pkg:rpm/fedora/ruby?distro=fedora-17 < 1.9.3.448.31.fc17
ID
FEDORA-2013-12062
Severity
medium
Severity from
CVE-2013-4073
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2013-12062
Published
2013-07-11T02:33:19
(11 years ago)
Modified
2013-07-11T02:33:19
(11 years ago)
Rights
Copyright 2013 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 979295 Bug #979295 - ruby: CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=979295
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/ruby?distro=fedora-17 fedora ruby < 1.9.3.448.31.fc17 fedora-17
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date