Updated ruby-RubyGems packages fix security vulnerabilities
Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases: 4, 5
CVE: CVE-2015-3900
Description
The updated ruby-RubyGems package fixes a security vulnerability: RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" (CVE-2015-3900).
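The missing check described above amounts to confirming that the host named in a DNS SRV answer still belongs to the domain the client meant to contact. The Ruby sketch below is an added example, not RubyGems' code or the fix shipped in these packages; the function names and sample hostnames are constructed for illustration.

```ruby
# Added illustration: decide whether a DNS SRV target may replace the host
# the client was originally asked to contact. All names are hypothetical.

# Normalise a DNS name: strip whitespace and one trailing root dot, lower-case.
def normalize_dns_name(name)
  name.to_s.strip.chomp(".").downcase
end

# Weak check, shown for contrast: a plain suffix match ignores label
# boundaries, so "evil-example.org" passes for "example.org".
def suffix_match?(host, target)
  normalize_dns_name(target).end_with?(normalize_dns_name(host))
end

# Strict check: the target must be the host itself or a subdomain of it,
# compared label by label from the right.
def same_domain?(host, target)
  h = normalize_dns_name(host).split(".")
  t = normalize_dns_name(target).split(".")
  return false if h.empty? || h.any?(&:empty?) || t.any?(&:empty?)
  return false if t.length < h.length
  t.last(h.length) == h
end

# Return the host to connect to: the SRV target when it is in-domain,
# otherwise fall back to the original host.
def select_endpoint(host, srv_target)
  same_domain?(host, srv_target) ? normalize_dns_name(srv_target) : normalize_dns_name(host)
end

# Constructed sample inputs (not taken from the advisory).
if __FILE__ == $PROGRAM_NAME
  [
    ["gems.example.org", "api.gems.example.org."],
    ["gems.example.org", "gems.example.org"],
    ["gems.example.org", "evilgems.example.org.attacker.test"],
    ["example.org", "evil-example.org"],
  ].each do |host, target|
    puts format("%-18s %-40s suffix=%-5s strict=%-5s -> %s",
                host, target, suffix_match?(host, target),
                same_domain?(host, target), select_endpoint(host, target))
  end
end
```

A client that falls back to the original host on a failed check keeps working when the SRV answer is wrong or tampered with, at the cost of ignoring the redirect.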
SRPMS
4/core
- ruby-RubyGems-2.1.11-3.1.mga4
5/core
- ruby-RubyGems-2.1.11-5.1.mga5