Slackware 14.0 Critical Advisory: Ruby SSL Spoofing Threat

slackware

June 28, 2013

New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.0 ChangeLog: patches/packages/ruby-1.9.3_p448-i486-1_slack14.0.txz: Upgraded. This update patches a vulnerability in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via a valid certificate issued by a trusted certification authority. For more information, see: https://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/ https://www.cve.org/CVERecord?id=CVE-2013-4073 (* Security fix *)

Topics Covered

security advisory critical patch slackware ruby ssl spoofing

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 13.1 package: ed7eaa7fdb9ee08dd69e444a6c2c23d8 ruby-1.9.3_p448-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 163e6c7d99abb43725d37c6ff16681ce ruby-1.9.3_p448-x86_64-1_slack13.1.txz
Slackware 13.37 package: 3c23d63e4e8dcdd3465f63f38cb05663 ruby-1.9.3_p448-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: c7cb042a91dbe0882366b73bf2025ee0 ruby-1.9.3_p448-x86_64-1_slack13.37.txz
Slackware 14.0 package: dfb8718508b9dca9ce1b56c2fd90d3fd ruby-1.9.3_p448-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 7ec70f13351a8ccd31f8d61169a453d1 ruby-1.9.3_p448-x86_64-1_slack14.0.txz
Slackware -current package: 06a4826e83382f0c722855bea37f766a d/ruby-1.9.3_p448-i486-1.txz
Slackware x86_64 -current package: 13fe939b565e81fe4a57ddbdf8217286 d/ruby-1.9.3_p448-x86_64-1.txz

Severity

critical

Lowest

Low

Medium

High

Critical

Topics Covered

security advisory critical patch slackware ruby ssl spoofing

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg ruby-1.9.3_p448-i486-1_slack14.0.txz

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware 14.0 Critical Advisory: Ruby SSL Spoofing Threat

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware 14.0 Critical Advisory: Ruby SSL Spoofing Threat

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!