Date: Thu, 06 Mar 2014 12:35:27 +1100
From: Garth Mollett <gmollett@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client

Michael Samuel of Amcom discovered that the rbovirt gem used rest-client with SSL verification disabled. Any products making use of this gem are likely vulnerable to MITM attacks.

This is fixed in the latest upstream release:

http://rubygems.org/gems/rbovirt/versions/0.0.24

--
Garth Mollett / Red Hat Security Response Team
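
An added example, not part of the original advisory and not rbovirt's code: a small Ruby audit helper that flags source lines explicitly turning off certificate verification for rest-client or Net::HTTP, the class of flaw reported above. The rule patterns, function names and sample input are assumptions constructed for illustration.

```ruby
# Rules are common idioms for disabling certificate checks; they are
# assumptions for illustration, not lines taken from rbovirt.
INSECURE_TLS_RULES = {
  'rest-client verify_ssl disabled' =>
    /(?::verify_ssl\s*=>|\bverify_ssl:)\s*(?:false|nil|OpenSSL::SSL::VERIFY_NONE)\b/,
  'verify_mode set to VERIFY_NONE' =>
    /\bverify_mode\s*=\s*OpenSSL::SSL::VERIFY_NONE\b/
}.freeze

Finding = Struct.new(:path, :line, :rule, :code)

# Scan one file's text; whole-line comments are skipped.
def scan_source(text, path = '(inline)')
  findings = []
  text.each_line.with_index(1) do |line, number|
    next if line.strip.start_with?('#')
    INSECURE_TLS_RULES.each do |rule, pattern|
      findings << Finding.new(path, number, rule, line.strip) if line =~ pattern
    end
  end
  findings
end

# Scan every .rb file under a directory (for example an unpacked gem).
def scan_tree(root)
  Dir.glob(File.join(root, '**', '*.rb')).sort.flat_map do |file|
    scan_source(File.read(file).scrub, file)
  end
end

# Constructed sample input, not real project code.
SAMPLE = <<~'RUBY'
  require 'rest-client'
  # verify_ssl: false  (comment only, ignored)
  api = RestClient::Resource.new(url, :user => u, :password => p,
                                 :verify_ssl => false)
  safe = RestClient::Resource.new(url, verify_ssl: OpenSSL::SSL::VERIFY_PEER,
                                  ssl_ca_file: '/etc/pki/tls/certs/ca-bundle.crt')
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
RUBY

if __FILE__ == $PROGRAM_NAME
  scan_source(SAMPLE).each { |f| puts "#{f.path}:#{f.line}: #{f.rule}: #{f.code}" }
end
```

The helper only catches explicit opt-outs, so a clean result does not by itself show that verification is enabled; confirm the effective setting of the HTTP client in use as well.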