ruby-1.8.5-5.1

エラータID: AXSA:2007-63:01

Release date: 
Wednesday, December 12, 2007 - 14:15
Subject: 
ruby-1.8.5-5.1
Affected Channels: 
Asianux Server 3 for ia64
Asianux Server 3 for ppc
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
Moderate
Description: 

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple,straight-forward, and extensible.
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. (CVE-2007-5162)
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. (CVE-2007-5770)

Solution: 

Update packages

CVEs: 
CVE-2007-5162
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
CVE-2007-5770
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
Additional Info: 

N/A

Download: 

SRPMS
  1. ruby-1.8.5-5.1.src.rpm
    MD5: 26bd8a70581eb4e84415c628f9a49733
    SHA-256: 124ae421e48d5d33bf9976c6e0d48271e4f619a4c90a762395deb5e9533faf80
    Size: 5.34 MB

Asianux Server 3 for x86
  1. ruby-1.8.5-5.1.i386.rpm
    MD5: b48da44756509704d1cfe29078a2a57b
    SHA-256: 1f6153217b70b9380413f7fba20981033d05813f75ac3661ff3b40ba1d029083
    Size: 281.89 kB
  2. ruby-devel-1.8.5-5.1.i386.rpm
    MD5: ce7cdb2da0330db277c8e06e5a69ba27
    SHA-256: 87aedb0dadd8608d54e1ec8f042a2c0bcc998ae9b8711252f34ef189bcf7403d
    Size: 547.50 kB
  3. ruby-docs-1.8.5-5.1.i386.rpm
    MD5: d7ee632389357f3f640cb55d8be9a2de
    SHA-256: 1dd6c01972cc98c209953048566eb74a3d1df825560c11bb8ae7d8d0f6f3a39a
    Size: 1.50 MB
  4. ruby-irb-1.8.5-5.1.i386.rpm
    MD5: ff371c6dafd37ef2d4c0fae2be2e7a33
    SHA-256: d4a8c6088fadd92ddcb1d71e1ddb8c3be92ba9f8f6adcb1cb3d48076d99ee9a0
    Size: 68.30 kB
  5. ruby-libs-1.8.5-5.1.i386.rpm
    MD5: a3a105274d6ba1d35194100c44cd8bbe
    SHA-256: 8d0570dc04d2855cbe444ec18a84728e80db2d7ddc10fee4c6047d11f225d10e
    Size: 1.64 MB
  6. ruby-mode-1.8.5-5.1.i386.rpm
    MD5: d0529d2f044531bddbc048d93f888a3c
    SHA-256: 4fee06c3dbb2c37cc60cdd3dbe94b68469c83dd897d617d61cbc420714c242e5
    Size: 53.08 kB
  7. ruby-tcltk-1.8.5-5.1.i386.rpm
    MD5: 9bef5e7c621e878c0aaa7d368e7dcdaa
    SHA-256: 1e0ca1d66d20abbc61710283c7e6f8f578b0a6668065be350b5a1e5f213d6453
    Size: 1.67 MB

Asianux Server 3 for x86_64
  1. ruby-1.8.5-5.1.x86_64.rpm
    MD5: 6adabc25bd890fdcbecd2d0c24066c96
    SHA-256: 49835664dfab97cef4757cb7b852afec9da15eb225b1e62b735b1ffe45ca74b1
    Size: 281.50 kB
  2. ruby-devel-1.8.5-5.1.x86_64.rpm
    MD5: a5f5ff55c6c2e1ad3abac80122e58389
    SHA-256: 7c44d8309972f687e78b649d1b7dd4917f6a50488141e6abb988211d4600b124
    Size: 554.83 kB
  3. ruby-docs-1.8.5-5.1.x86_64.rpm
    MD5: b7173f2b0ddebb77364a2b71d969a995
    SHA-256: 06bb387ec7b1c93ffd016e13c18e6fbc7c7a79fc5db658b89619f9bcdbe3a0f5
    Size: 1.50 MB
  4. ruby-irb-1.8.5-5.1.x86_64.rpm
    MD5: 39b8e2b2d76c97c558bf4f34d9b427dd
    SHA-256: bcd5bf9797ffa7e51b914f53ee3e1e6fd51816cec6986f61ee7fed398786a696
    Size: 68.37 kB
  5. ruby-libs-1.8.5-5.1.x86_64.rpm
    MD5: d85d928bb5f55af2d21f3cfe6cd9630f
    SHA-256: 7c5a68cf85ca4edf0bb1151612c5cf6c788ab0844c71f6a875523af21fba0175
    Size: 1.65 MB
  6. ruby-mode-1.8.5-5.1.x86_64.rpm
    MD5: 4d3d077da9dbc94f6941d7637ea41405
    SHA-256: 3ba44395b3f6609e4cdbcac743ee2c2c30ed7983e77aa5a600754603f7cd61fe
    Size: 52.96 kB
  7. ruby-tcltk-1.8.5-5.1.x86_64.rpm
    MD5: 223ce6cf7c0113174cb8a6767c2dc389
    SHA-256: 8606e4f18e0b10f2aaf4edd7f3d6d2292f376a7c9f34668cea9fd61b41540041
    Size: 1.67 MB