Updated ruby-RubyGems packages fix security vulnerabilities
Publication date: 08 Sep 2015Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3900
Description
Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" (CVE-2015-3900).
References
SRPMS
5/core
- ruby-RubyGems-2.1.11-5.1.mga5
4/core
- ruby-RubyGems-2.1.11-3.1.mga4