Ruby Vulnerability Fixed by Canonical for Ubuntu 13.04

A couple of other distributions have been affected by this bug

  Ruby logo
On July 9, Canonical published, in a security notice, details about Ruby vulnerabilities for its Ubuntu 13.04, Ubuntu 12.10, Ubuntu 12.04 LTS, and operating system.

On July 9, Canonical published, in a security notice, details about Ruby vulnerabilities for its Ubuntu 13.04, Ubuntu 12.10, Ubuntu 12.04 LTS, and operating system.

According to Canonical, an attacker could have tricked Ruby into trusting a rogue server.

It has been discovered that Ruby incorrectly verified the hostname in SSL certificates.

An attacker could have tricked Ruby into trusting a rogue server certificate, which was signed by a trusted certificate authority, in order to perform a man-in-the-middle attack.

For a more detailed description of the security problems, you can visit Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest ruby1.8, ruby1.9.1, libruby1.8, and libruby1.9.1 packages, specific to each operating system. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart won't be necessary to implement the changes.

Comments