
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE: 2019:1373-1 Important Security Advisory for Axis Module

SUSE Security Update: Security update for axis
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1373-1
Rating: moderate
References: #1134598
Cross-References: CVE-2012-5784 CVE-2014-3596
Affected Products:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for axis fixes the following issues:

Security issue fixed:

- CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1373=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1373=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
  axis-manual-1.4-5.8.1
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
  axis-1.4-5.8.1

References:

https://www.suse.com/security/cve/CVE-2012-5784.html
https://www.suse.com/security/cve/CVE-2014-3596.html
https://bugzilla.suse.com/1134598

sle-security-updates mailing list
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE has released updates addressing security vulnerabilities related to X.509 hostname verification, categorized with moderate risk.

SUSE Security Update, axis, Open Buildservice, security issues. Severity: Important. LinuxSecurity.com Team

May 28, 2019 Important SuSE

SUSE: 2018:3467-2 Moderate: Issue with SMT Hostname Verification Check

SUSE Security Update: Security update for smt
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3467-2
Rating: moderate
References: #1104076 #1111056
Cross-References: CVE-2018-12472
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

SMT was updated to version 3.0.38.

Following security issue was fixed:

- CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076)

Following non security issues were fixed:

- Add migration path check when registration sharing is enabled
- Fix sibling sync errors (bsc#1111056):
  - Synchronize all registered products
  - Handle duplicate registrations when syncing
  - Force resync to the sibling instance in `upgrade` and `synchronize` API calls

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1084=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  res-signingkeys-3.0.38-52.26.1
  smt-3.0.38-52.26.1
  smt-debuginfo-3.0.38-52.26.1
  smt-debugsource-3.0.38-52.26.1
  smt-support-3.0.38-52.26.1

References:

https://www.suse.com/security/cve/CVE-2018-12472.html
https://bugzilla.suse.com/1104076
https://bugzilla.suse.com/1111056

sle-security-updates mailing list
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE has released a security patch for SMT that resolves a moderate vulnerability. Check for update details and guidance on installation.

SUSE Security Update, SMT Security Issue, SUSE Linux Patch, Moderate Severity Advisory. LinuxSecurity.com Team

Apr 29, 2019 SuSE

SUSE: 2018:3467-1 Moderate: SMT Hostname Check Security Update

SUSE Security Update: Security update for smt
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:3467-1
Rating: moderate
References: #1104076 #1111056
Cross-References: CVE-2018-12472
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

SMT was updated to version 3.0.38.

Following security issue was fixed:

- CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076)

Following non security issues were fixed:

- Add migration path check when registration sharing is enabled
- Fix sibling sync errors (bsc#1111056):
  - Synchronize all registered products
  - Handle duplicate registrations when syncing
  - Force resync to the sibling instance in `upgrade` and `synchronize` API calls

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2481=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-2481=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2481=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-2481=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-2481=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-2481=1
- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-2481=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2018-2481=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
  res-signingkeys-3.0.38-52.26.1
  smt-3.0.38-52.26.1
  smt-debuginfo-3.0.38-52.26.1
  smt-debugsource-3.0.38-52.26.1
  smt-support-3.0.38-52.26.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
  res-signingkeys-3.0.38-52.26.1
  smt-3.0.38-52.26.1
  smt-debuginfo-3.0.38-52.26.1
  smt-debugsource-3.0.38-52.26.1
  smt-support-3.0.38-52.26.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  res-signingkeys-3.0.38-52.26.1
  smt-3.0.38-52.26.1
  smt-debuginfo-3.0.38-52.26.1
  smt-debugsource-3.0.38-52.26.1
  smt-support-3.0.38-52.26.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
  res-signingkeys-3.0.38-52.26.1
  smt-3.0.38-52.26.1
  smt-debuginfo-3.0.38-52.26.1
  smt-debugsource-3.0.38-52.26.1
  smt-support-3.0.38-52.26.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  res-signingkeys-3.0.38-52.26.1
  smt-3.0.38-52.26.1
  smt-debuginfo-3.0.38-52.26.1
  smt-debugsource-3.0.38-52.26.1
  smt-support-3.0.38-52.26.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
  res-signingkeys-3.0.38-52.26.1
  smt-3.0.38-52.26.1
  smt-debuginfo-3.0.38-52.26.1
  smt-debugsource-3.0.38-52.26.1
  smt-support-3.0.38-52.26.1
- SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):
  smt-ha-3.0.38-52.26.1
- SUSE Enterprise Storage 4 (x86_64):
  res-signingkeys-3.0.38-52.26.1
  smt-3.0.38-52.26.1
  smt-debuginfo-3.0.38-52.26.1
  smt-debugsource-3.0.38-52.26.1
  smt-support-3.0.38-52.26.1

References:

https://www.suse.com/security/cve/CVE-2018-12472.html
https://bugzilla.suse.com/1104076
https://bugzilla.suse.com/1111056

sle-security-updates mailing list
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE Security Update for smt addresses a significant concern regarding hostname verification, outlining essential patching guidelines.

SUSE Update, SMT Security, Software Patch, Cloud Vulnerability, Linux Advisory. LinuxSecurity.com Team

Oct 26, 2018 SuSE

Red Hat Enterprise Linux 5 & 6: RHSA-2013:1090-01 Moderate: Ruby SSL Threat

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2013:1090-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2013:1090.html
Issue date: 2013-07-17
CVE Names: CVE-2013-4073
====================================================================

1. Summary:

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.

A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073)

All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

979251 - CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
ruby-1.8.5-31.el5_9.i386.rpm ruby-debuginfo-1.8.5-31.el5_9.i386.rpm ruby-docs-1.8.5-31.el5_9.i386.rpm ruby-irb-1.8.5-31.el5_9.i386.rpm ruby-libs-1.8.5-31.el5_9.i386.rpm ruby-rdoc-1.8.5-31.el5_9.i386.rpm ruby-ri-1.8.5-31.el5_9.i386.rpm ruby-tcltk-1.8.5-31.el5_9.i386.rpm

x86_64:
ruby-1.8.5-31.el5_9.x86_64.rpm ruby-debuginfo-1.8.5-31.el5_9.i386.rpm ruby-debuginfo-1.8.5-31.el5_9.x86_64.rpm ruby-docs-1.8.5-31.el5_9.x86_64.rpm ruby-irb-1.8.5-31.el5_9.x86_64.rpm ruby-libs-1.8.5-31.el5_9.i386.rpm ruby-libs-1.8.5-31.el5_9.x86_64.rpm ruby-rdoc-1.8.5-31.el5_9.x86_64.rpm ruby-ri-1.8.5-31.el5_9.x86_64.rpm ruby-tcltk-1.8.5-31.el5_9.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
ruby-debuginfo-1.8.5-31.el5_9.i386.rpm ruby-devel-1.8.5-31.el5_9.i386.rpm ruby-mode-1.8.5-31.el5_9.i386.rpm

x86_64:
ruby-debuginfo-1.8.5-31.el5_9.i386.rpm ruby-debuginfo-1.8.5-31.el5_9.x86_64.rpm ruby-devel-1.8.5-31.el5_9.i386.rpm ruby-devel-1.8.5-31.el5_9.x86_64.rpm ruby-mode-1.8.5-31.el5_9.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
ruby-1.8.5-31.el5_9.i386.rpm ruby-debuginfo-1.8.5-31.el5_9.i386.rpm ruby-devel-1.8.5-31.el5_9.i386.rpm ruby-docs-1.8.5-31.el5_9.i386.rpm ruby-irb-1.8.5-31.el5_9.i386.rpm ruby-libs-1.8.5-31.el5_9.i386.rpm ruby-mode-1.8.5-31.el5_9.i386.rpm ruby-rdoc-1.8.5-31.el5_9.i386.rpm ruby-ri-1.8.5-31.el5_9.i386.rpm ruby-tcltk-1.8.5-31.el5_9.i386.rpm

ia64:
ruby-1.8.5-31.el5_9.ia64.rpm ruby-debuginfo-1.8.5-31.el5_9.ia64.rpm ruby-devel-1.8.5-31.el5_9.ia64.rpm ruby-docs-1.8.5-31.el5_9.ia64.rpm ruby-irb-1.8.5-31.el5_9.ia64.rpm ruby-libs-1.8.5-31.el5_9.ia64.rpm ruby-mode-1.8.5-31.el5_9.ia64.rpm ruby-rdoc-1.8.5-31.el5_9.ia64.rpm ruby-ri-1.8.5-31.el5_9.ia64.rpm ruby-tcltk-1.8.5-31.el5_9.ia64.rpm

ppc:
ruby-1.8.5-31.el5_9.ppc.rpm ruby-debuginfo-1.8.5-31.el5_9.ppc.rpm ruby-debuginfo-1.8.5-31.el5_9.ppc64.rpm ruby-devel-1.8.5-31.el5_9.ppc.rpm ruby-devel-1.8.5-31.el5_9.ppc64.rpm ruby-docs-1.8.5-31.el5_9.ppc.rpm ruby-irb-1.8.5-31.el5_9.ppc.rpm ruby-libs-1.8.5-31.el5_9.ppc.rpm ruby-libs-1.8.5-31.el5_9.ppc64.rpm ruby-mode-1.8.5-31.el5_9.ppc.rpm ruby-rdoc-1.8.5-31.el5_9.ppc.rpm ruby-ri-1.8.5-31.el5_9.ppc.rpm ruby-tcltk-1.8.5-31.el5_9.ppc.rpm

s390x:
ruby-1.8.5-31.el5_9.s390x.rpm ruby-debuginfo-1.8.5-31.el5_9.s390.rpm ruby-debuginfo-1.8.5-31.el5_9.s390x.rpm ruby-devel-1.8.5-31.el5_9.s390.rpm ruby-devel-1.8.5-31.el5_9.s390x.rpm ruby-docs-1.8.5-31.el5_9.s390x.rpm ruby-irb-1.8.5-31.el5_9.s390x.rpm ruby-libs-1.8.5-31.el5_9.s390.rpm ruby-libs-1.8.5-31.el5_9.s390x.rpm ruby-mode-1.8.5-31.el5_9.s390x.rpm ruby-rdoc-1.8.5-31.el5_9.s390x.rpm ruby-ri-1.8.5-31.el5_9.s390x.rpm ruby-tcltk-1.8.5-31.el5_9.s390x.rpm

x86_64:
ruby-1.8.5-31.el5_9.x86_64.rpm ruby-debuginfo-1.8.5-31.el5_9.i386.rpm ruby-debuginfo-1.8.5-31.el5_9.x86_64.rpm ruby-devel-1.8.5-31.el5_9.i386.rpm ruby-devel-1.8.5-31.el5_9.x86_64.rpm ruby-docs-1.8.5-31.el5_9.x86_64.rpm ruby-irb-1.8.5-31.el5_9.x86_64.rpm ruby-libs-1.8.5-31.el5_9.i386.rpm ruby-libs-1.8.5-31.el5_9.x86_64.rpm ruby-mode-1.8.5-31.el5_9.x86_64.rpm ruby-rdoc-1.8.5-31.el5_9.x86_64.rpm ruby-ri-1.8.5-31.el5_9.x86_64.rpm ruby-tcltk-1.8.5-31.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
ruby-1.8.7.352-12.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-devel-1.8.7.352-12.el6_4.i686.rpm ruby-irb-1.8.7.352-12.el6_4.i686.rpm ruby-libs-1.8.7.352-12.el6_4.i686.rpm ruby-rdoc-1.8.7.352-12.el6_4.i686.rpm

x86_64:
ruby-1.8.7.352-12.el6_4.x86_64.rpm ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm ruby-devel-1.8.7.352-12.el6_4.i686.rpm ruby-devel-1.8.7.352-12.el6_4.x86_64.rpm ruby-irb-1.8.7.352-12.el6_4.x86_64.rpm ruby-libs-1.8.7.352-12.el6_4.i686.rpm ruby-libs-1.8.7.352-12.el6_4.x86_64.rpm ruby-rdoc-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-docs-1.8.7.352-12.el6_4.i686.rpm ruby-ri-1.8.7.352-12.el6_4.i686.rpm ruby-static-1.8.7.352-12.el6_4.i686.rpm ruby-tcltk-1.8.7.352-12.el6_4.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm ruby-docs-1.8.7.352-12.el6_4.x86_64.rpm ruby-ri-1.8.7.352-12.el6_4.x86_64.rpm ruby-static-1.8.7.352-12.el6_4.x86_64.rpm ruby-tcltk-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
ruby-1.8.7.352-12.el6_4.x86_64.rpm ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm ruby-devel-1.8.7.352-12.el6_4.i686.rpm ruby-devel-1.8.7.352-12.el6_4.x86_64.rpm ruby-irb-1.8.7.352-12.el6_4.x86_64.rpm ruby-libs-1.8.7.352-12.el6_4.i686.rpm ruby-libs-1.8.7.352-12.el6_4.x86_64.rpm ruby-rdoc-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm ruby-docs-1.8.7.352-12.el6_4.x86_64.rpm ruby-ri-1.8.7.352-12.el6_4.x86_64.rpm ruby-static-1.8.7.352-12.el6_4.x86_64.rpm ruby-tcltk-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
ruby-1.8.7.352-12.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-devel-1.8.7.352-12.el6_4.i686.rpm ruby-irb-1.8.7.352-12.el6_4.i686.rpm ruby-libs-1.8.7.352-12.el6_4.i686.rpm ruby-rdoc-1.8.7.352-12.el6_4.i686.rpm

ppc64:
ruby-1.8.7.352-12.el6_4.ppc64.rpm ruby-debuginfo-1.8.7.352-12.el6_4.ppc.rpm ruby-debuginfo-1.8.7.352-12.el6_4.ppc64.rpm ruby-devel-1.8.7.352-12.el6_4.ppc.rpm ruby-devel-1.8.7.352-12.el6_4.ppc64.rpm ruby-irb-1.8.7.352-12.el6_4.ppc64.rpm ruby-libs-1.8.7.352-12.el6_4.ppc.rpm ruby-libs-1.8.7.352-12.el6_4.ppc64.rpm ruby-rdoc-1.8.7.352-12.el6_4.ppc64.rpm

s390x:
ruby-1.8.7.352-12.el6_4.s390x.rpm ruby-debuginfo-1.8.7.352-12.el6_4.s390.rpm ruby-debuginfo-1.8.7.352-12.el6_4.s390x.rpm ruby-devel-1.8.7.352-12.el6_4.s390.rpm ruby-devel-1.8.7.352-12.el6_4.s390x.rpm ruby-irb-1.8.7.352-12.el6_4.s390x.rpm ruby-libs-1.8.7.352-12.el6_4.s390.rpm ruby-libs-1.8.7.352-12.el6_4.s390x.rpm ruby-rdoc-1.8.7.352-12.el6_4.s390x.rpm

x86_64:
ruby-1.8.7.352-12.el6_4.x86_64.rpm ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm ruby-devel-1.8.7.352-12.el6_4.i686.rpm ruby-devel-1.8.7.352-12.el6_4.x86_64.rpm ruby-irb-1.8.7.352-12.el6_4.x86_64.rpm ruby-libs-1.8.7.352-12.el6_4.i686.rpm ruby-libs-1.8.7.352-12.el6_4.x86_64.rpm ruby-rdoc-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:

i386:
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-docs-1.8.7.352-12.el6_4.i686.rpm ruby-ri-1.8.7.352-12.el6_4.i686.rpm ruby-static-1.8.7.352-12.el6_4.i686.rpm ruby-tcltk-1.8.7.352-12.el6_4.i686.rpm

ppc64:
ruby-debuginfo-1.8.7.352-12.el6_4.ppc64.rpm ruby-docs-1.8.7.352-12.el6_4.ppc64.rpm ruby-ri-1.8.7.352-12.el6_4.ppc64.rpm ruby-static-1.8.7.352-12.el6_4.ppc64.rpm ruby-tcltk-1.8.7.352-12.el6_4.ppc64.rpm

s390x:
ruby-debuginfo-1.8.7.352-12.el6_4.s390x.rpm ruby-docs-1.8.7.352-12.el6_4.s390x.rpm ruby-ri-1.8.7.352-12.el6_4.s390x.rpm ruby-static-1.8.7.352-12.el6_4.s390x.rpm ruby-tcltk-1.8.7.352-12.el6_4.s390x.rpm

x86_64:
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm ruby-docs-1.8.7.352-12.el6_4.x86_64.rpm ruby-ri-1.8.7.352-12.el6_4.x86_64.rpm ruby-static-1.8.7.352-12.el6_4.x86_64.rpm ruby-tcltk-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
ruby-1.8.7.352-12.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-devel-1.8.7.352-12.el6_4.i686.rpm ruby-irb-1.8.7.352-12.el6_4.i686.rpm ruby-libs-1.8.7.352-12.el6_4.i686.rpm ruby-rdoc-1.8.7.352-12.el6_4.i686.rpm

x86_64:
ruby-1.8.7.352-12.el6_4.x86_64.rpm ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm ruby-devel-1.8.7.352-12.el6_4.i686.rpm ruby-devel-1.8.7.352-12.el6_4.x86_64.rpm ruby-irb-1.8.7.352-12.el6_4.x86_64.rpm ruby-libs-1.8.7.352-12.el6_4.i686.rpm ruby-libs-1.8.7.352-12.el6_4.x86_64.rpm ruby-rdoc-1.8.7.352-12.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:

i386:
ruby-debuginfo-1.8.7.352-12.el6_4.i686.rpm ruby-docs-1.8.7.352-12.el6_4.i686.rpm ruby-ri-1.8.7.352-12.el6_4.i686.rpm ruby-static-1.8.7.352-12.el6_4.i686.rpm ruby-tcltk-1.8.7.352-12.el6_4.i686.rpm

x86_64:
ruby-debuginfo-1.8.7.352-12.el6_4.x86_64.rpm ruby-docs-1.8.7.352-12.el6_4.x86_64.rpm ruby-ri-1.8.7.352-12.el6_4.x86_64.rpm ruby-static-1.8.7.352-12.el6_4.x86_64.rpm ruby-tcltk-1.8.7.352-12.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2013-4073
https://access.redhat.com/security/updates/classification/#moderate
https://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

Revised Python libraries for CentOS address a noteworthy severity TLS vulnerability linked to domain validations. Upgrade recommended.

Ruby Update, Red Hat Security, Moderate Severity, SSL Flaw, Security Advisory. LinuxSecurity.com Team

Jul 17, 2013 Red Hat

Fedora: 2009:7544 Moderate: perl-IO-Socket-SSL Hostname Check Issue

This update to version 1.26 fixes an issue where only the prefix of the hostname was checked if there was no wildcard present, so for example www.example.org would match a certificate starting with www.example.org.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-7544
2009-07-11 02:42:24
--------------------------------------------------------------------------------

Name : perl-IO-Socket-SSL
Product : Fedora 10
Version : 1.26
Release : 1.fc10
URL : https://metacpan.org/dist/IO-Socket-SSL
Summary : Perl library for transparent SSL
Description :
This module is a true drop-in replacement for IO::Socket::INET that uses SSL to encrypt data before it is transferred to a remote server or client. IO::Socket::SSL supports all the extra features that one needs to write a full-featured SSL client or server application: multiple SSL contexts, cipher selection, certificate verification, and SSL version selection. As an extra bonus, it works perfectly with mod_perl.

--------------------------------------------------------------------------------
Update Information:

This update to version 1.26 fixes an issue where only the prefix of the hostname was checked if there was no wildcard present, so for example ple.org would match a certificate starting with ple.org
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 4 2009 Paul Howarth - 1.26-1
- Update to 1.26 (verify_hostname_of_cert matched only the prefix for the hostname when no wildcard was given, e.g. ple.org matched against a certificate with name ple.com in it)
* Fri Jul 3 2009 Paul Howarth - 1.25-1
- Update to 1.25 (fix t/nonblock.t for OS X 10.5 - CPAN RT#47240)
* Thu Apr 2 2009 Paul Howarth - 1.24-1
- Update to 1.24 (add verify hostname scheme ftp, same as http)
* Wed Feb 25 2009 Paul Howarth - 1.23-1
- Update to 1.23 (complain when no certificates are provided)
* Sat Jan 24 2009 Paul Howarth - 1.22-1
- Update to latest upstream version: 1.22
* Thu Jan 22 2009 Paul Howarth - 1.20-1
- Update to latest upstream version: 1.20
* Tue Nov 18 2008 Paul Howarth - 1.18-1
- Update to latest upstream version: 1.18
- BR: perl(IO::Socket::INET6) for extra test coverage
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #509819 - perl-IO-Socket-SSL: incorrect checking of certificate hostnames
https://bugzilla.redhat.com/show_bug.cgi?id=509819
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update perl-IO-Socket-SSL' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora-package-announce mailing list
https://lists.fedoraproject.org/archives/list/

Upgrade of perl-IO-Socket-SSL in Fedora 10 addresses hostname validation and resolves SSL encryption vulnerabilities.

perl IO-Socket-SSL, Fedora Security Fix, SSL Hostname Check. LinuxSecurity.com Team

Jul 19, 2009 Fedora