Date: Thu, 06 Mar 2014 12:35:27 +1100
From: Garth Mollett <gmollett@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client

Michael Samuel of Amcom discovered that the rbovirt gem used rest-client
with SSL verification disabled. Any products making use of this gem are
likely vulnerable to MITM attacks.

This is fixed in the latest upstream release:
http://rubygems.org/gems/rbovirt/versions/0.0.24

-- 
Garth Mollett / Red Hat Security Response Team
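
An added example, not part of the original post and not rbovirt's own code: a Ruby audit helper that flags a Gemfile.lock pinning rbovirt below the fixed 0.0.24 release, and source lines that switch off certificate verification in rest-client or Net::HTTP callers. Treating every version below 0.0.24 as unfixed, the option patterns, and the sample inputs are assumptions constructed for illustration.

```ruby
require "rubygems" # Gem::Version gives correct ordering (0.0.9 < 0.0.24)

FIXED_RBOVIRT = Gem::Version.new("0.0.24") # fixed release named in the post

# Common ways verification is disabled via rest-client options or OpenSSL.
# Generic patterns assumed for this example; not copied from rbovirt.
UNVERIFIED_TLS = [
  /(?::verify_ssl\s*=>|\bverify_ssl:)\s*(?:false|0|OpenSSL::SSL::VERIFY_NONE)\b/,
  /\bverify_mode\s*=\s*OpenSSL::SSL::VERIFY_NONE\b/
].freeze

# Return locked rbovirt versions in Gemfile.lock text that predate the fix.
def unfixed_rbovirt(lock_text)
  lock_text.scan(/^ {4}rbovirt \(([^)]+)\)\s*$/).flatten
           .select { |v| Gem::Version.correct?(v) && Gem::Version.new(v) < FIXED_RBOVIRT }
end

# Return [line_number, stripped_line] for code lines that disable verification.
def unverified_tls_lines(source)
  source.each_line.with_index(1).filter_map do |line, no|
    next if line.lstrip.start_with?("#") # skip whole-line comments
    [no, line.strip] if UNVERIFIED_TLS.any? { |re| line.match?(re) }
  end
end

# Constructed sample inputs, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rbovirt (0.0.23)
        rest-client
LOCK

SAMPLE_SOURCE = <<~'RUBY'
  # :verify_ssl => false  (comment only, ignored)
  api = RestClient::Resource.new(url, :user => user, :verify_ssl => false)
  safe = RestClient::Resource.new(url, :verify_ssl => OpenSSL::SSL::VERIFY_PEER)
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
RUBY

if __FILE__ == $0
  puts "unfixed rbovirt versions: #{unfixed_rbovirt(SAMPLE_LOCK).inspect}"
  unverified_tls_lines(SAMPLE_SOURCE).each { |no, text| puts "line #{no}: #{text}" }
end
```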