Jump to content
Compatible Support Forums
Sign in to follow this  
news

[slackware-security] ruby (SSA:2013-178-01)

Recommended Posts

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

[slackware-security] ruby (SSA:2013-178-01)

 

New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current

to fix a security issue.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/ruby-1.9.3_p448-i486-1_slack14.0.txz: Upgraded.

This update patches a vulnerability in Ruby's SSL client that could allow

man-in-the-middle attackers to spoof SSL servers via a valid certificate

issued by a trusted certification authority.

For more information, see:

http://www.muby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073

(* Security fix *)

+--------------------------+

 

 

Where to find the new packages:

+-----------------------------+

 

Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating FTP and rsync hosting

to the Slackware project! :-)

 

Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.

 

Updated package for Slackware 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ruby-1.9.3_p448-i486-1_slack13.1.txz

 

Updated package for Slackware x86_64 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ruby-1.9.3_p448-x86_64-1_slack13.1.txz

 

Updated package for Slackware 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ruby-1.9.3_p448-i486-1_slack13.37.txz

 

Updated package for Slackware x86_64 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ruby-1.9.3_p448-x86_64-1_slack13.37.txz

 

Updated package for Slackware 14.0:

ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ruby-1.9.3_p448-i486-1_slack14.0.txz

 

Updated package for Slackware x86_64 14.0:

ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ruby-1.9.3_p448-x86_64-1_slack14.0.txz

 

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-1.9.3_p448-i486-1.txz

 

Updated package for Slackware x86_64 -current:

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-1.9.3_p448-x86_64-1.txz

 

 

MD5 signatures:

+-------------+

 

Slackware 13.1 package:

ed7eaa7fdb9ee08dd69e444a6c2c23d8 ruby-1.9.3_p448-i486-1_slack13.1.txz

 

Slackware x86_64 13.1 package:

163e6c7d99abb43725d37c6ff16681ce ruby-1.9.3_p448-x86_64-1_slack13.1.txz

 

Slackware 13.37 package:

3c23d63e4e8dcdd3465f63f38cb05663 ruby-1.9.3_p448-i486-1_slack13.37.txz

 

Slackware x86_64 13.37 package:

c7cb042a91dbe0882366b73bf2025ee0 ruby-1.9.3_p448-x86_64-1_slack13.37.txz

 

Slackware 14.0 package:

dfb8718508b9dca9ce1b56c2fd90d3fd ruby-1.9.3_p448-i486-1_slack14.0.txz

 

Slackware x86_64 14.0 package:

7ec70f13351a8ccd31f8d61169a453d1 ruby-1.9.3_p448-x86_64-1_slack14.0.txz

 

Slackware -current package:

06a4826e83382f0c722855bea37f766a d/ruby-1.9.3_p448-i486-1.txz

 

Slackware x86_64 -current package:

13fe939b565e81fe4a57ddbdf8217286 d/ruby-1.9.3_p448-x86_64-1.txz

 

 

Installation instructions:

+------------------------+

 

Upgrade the package as root:

# upgradepkg ruby-1.9.3_p448-i486-1_slack14.0.txz

 

 

+-----+

 

Slackware Linux Security Team

http://slackware.com/gpg-key

security ( -at -) slackware.com

 

+------------------------------------------------------------------------+

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×