
Test ID: 1.3.6.1.4.1.25623.1.0.703247
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 3247-1 (ruby2.1 - security update)
Description:
Summary:
It was discovered that the Ruby OpenSSL extension, part of the interpreter
for the Ruby language, did not properly implement hostname matching, in
violation of RFC 6125. This could allow remote attackers to perform a
man-in-the-middle attack via crafted SSL certificates.

Affected Software/OS:
ruby2.1 on Debian Linux

Solution:
For the stable distribution (jessie), this problem has been fixed in
version 2.1.5-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed in
version 2.1.5-3.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.5-3.

We recommend that you upgrade your ruby2.1 packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-1855
http://www.debian.org/security/2015/dsa-3245
http://www.debian.org/security/2015/dsa-3246
http://www.debian.org/security/2015/dsa-3247
https://bugs.ruby-lang.org/issues/9644
https://puppetlabs.com/security/cve/cve-2015-1855
https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/
Copyright: Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net





© 1998-2024 E-Soft Inc. All rights reserved.