Updated ruby packages fix CVE-2015-1855
Publication date: 03 May 2015Modification date: 03 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1855
Description
Updated ruby packages fix security vulnerability:
Ruby OpenSSL hostname matching implementation violates RFC 6125
(CVE-2015-1855).
The ruby package has been updated to version 2.0.0-p645, which fixes this
issue.
References
- https://bugs.mageia.org/show_bug.cgi?id=15699
- https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/
- https://www.ruby-lang.org/en/news/2015/04/13/ruby-2-0-0-p645-released/
- https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156431.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855
SRPMS
4/core
- ruby-2.0.0.p645-1.mga4