Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:21171

Version

Class

patch

ALTXid

37317

Language

English

Severity

NotAvailable

Title

RHSA-2013:1090: ruby security update (Moderate)

Description

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Family

unix

Platform

Product

ruby

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2014-01-09T13:03:25 : submitted
  - ALTX-SOFT Sergey Artykhov
- 2014-01-10T12:56:14.387-05:00 : status_change DRAFT
- 2014-01-27T04:01:12.043-05:00 : status_change INTERIM
- 2014-02-17T04:01:25.912-05:00 : status_change ACCEPTED

Reference

VENDOR: RHSA-2013:1090-00

CESA: CESA-2013:1090
CESA: CESA-2013:1090

Id: CESA-2013:1090

CVE: CVE-2013-4073

Criteria

Expand All

Collapse All

AND

Operation system section

OR	Redhat 6 or Centos 6 release

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:20273) The operating system installed on the system is Red Hat Enterprise Linux 6

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16337) The operating system installed on the system is CentOS Linux 6.x

OR Packages section
- CRITERION ruby-rdoc is earlier than 0:1.8.7.352-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91540) check=at least one, check_existence=at_least_one_exists, comment=ruby-rdoc is earlier than 0:1.8.7.352-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14244)
      name ruby-rdoc
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25794)
      evr datatype=evr_string | operation=less than | value=0:1.8.7.352-12.el6_4
- CRITERION ruby-ri is earlier than 0:1.8.7.352-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:90988) check=at least one, check_existence=at_least_one_exists, comment=ruby-ri is earlier than 0:1.8.7.352-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14461)
      name ruby-ri
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25794)
      evr datatype=evr_string | operation=less than | value=0:1.8.7.352-12.el6_4
- CRITERION ruby-devel is earlier than 0:1.8.7.352-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91554) check=at least one, check_existence=at_least_one_exists, comment=ruby-devel is earlier than 0:1.8.7.352-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14187)
      name ruby-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25794)
      evr datatype=evr_string | operation=less than | value=0:1.8.7.352-12.el6_4
- CRITERION ruby-static is earlier than 0:1.8.7.352-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91608) check=at least one, check_existence=at_least_one_exists, comment=ruby-static is earlier than 0:1.8.7.352-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:28990)
      name ruby-static
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25794)
      evr datatype=evr_string | operation=less than | value=0:1.8.7.352-12.el6_4
- CRITERION ruby-tcltk is earlier than 0:1.8.7.352-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91532) check=at least one, check_existence=at_least_one_exists, comment=ruby-tcltk is earlier than 0:1.8.7.352-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14273)
      name ruby-tcltk
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25794)
      evr datatype=evr_string | operation=less than | value=0:1.8.7.352-12.el6_4
- CRITERION ruby-docs is earlier than 0:1.8.7.352-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91265) check=at least one, check_existence=at_least_one_exists, comment=ruby-docs is earlier than 0:1.8.7.352-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14446)
      name ruby-docs
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25794)
      evr datatype=evr_string | operation=less than | value=0:1.8.7.352-12.el6_4
- CRITERION ruby-libs is earlier than 0:1.8.7.352-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91197) check=at least one, check_existence=at_least_one_exists, comment=ruby-libs is earlier than 0:1.8.7.352-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14388)
      name ruby-libs
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25794)
      evr datatype=evr_string | operation=less than | value=0:1.8.7.352-12.el6_4
- CRITERION ruby-irb is earlier than 0:1.8.7.352-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91298) check=at least one, check_existence=at_least_one_exists, comment=ruby-irb is earlier than 0:1.8.7.352-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14777)
      name ruby-irb
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25794)
      evr datatype=evr_string | operation=less than | value=0:1.8.7.352-12.el6_4
- CRITERION ruby is earlier than 0:1.8.7.352-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91472) check=at least one, check_existence=at_least_one_exists, comment=ruby is earlier than 0:1.8.7.352-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14305)
      name ruby
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25794)
      evr datatype=evr_string | operation=less than | value=0:1.8.7.352-12.el6_4

AND

Operation system section

OR	Redhat 5 or Centos 5 release

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

OR Packages section
- CRITERION ruby-rdoc is earlier than 0:1.8.5-31.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91512) check=at least one, check_existence=at_least_one_exists, comment=ruby-rdoc is earlier than 0:1.8.5-31.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14244)
      name ruby-rdoc
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26066)
      evr datatype=evr_string | operation=less than | value=0:1.8.5-31.el5_9
- CRITERION ruby-ri is earlier than 0:1.8.5-31.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91538) check=at least one, check_existence=at_least_one_exists, comment=ruby-ri is earlier than 0:1.8.5-31.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14461)
      name ruby-ri
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26066)
      evr datatype=evr_string | operation=less than | value=0:1.8.5-31.el5_9
- CRITERION ruby-devel is earlier than 0:1.8.5-31.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91219) check=at least one, check_existence=at_least_one_exists, comment=ruby-devel is earlier than 0:1.8.5-31.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14187)
      name ruby-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26066)
      evr datatype=evr_string | operation=less than | value=0:1.8.5-31.el5_9
- CRITERION ruby-mode is earlier than 0:1.8.5-31.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91547) check=at least one, check_existence=at_least_one_exists, comment=ruby-mode is earlier than 0:1.8.5-31.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14380)
      name ruby-mode
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26066)
      evr datatype=evr_string | operation=less than | value=0:1.8.5-31.el5_9
- CRITERION ruby-tcltk is earlier than 0:1.8.5-31.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91099) check=at least one, check_existence=at_least_one_exists, comment=ruby-tcltk is earlier than 0:1.8.5-31.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14273)
      name ruby-tcltk
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26066)
      evr datatype=evr_string | operation=less than | value=0:1.8.5-31.el5_9
- CRITERION ruby-docs is earlier than 0:1.8.5-31.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91125) check=at least one, check_existence=at_least_one_exists, comment=ruby-docs is earlier than 0:1.8.5-31.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14446)
      name ruby-docs
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26066)
      evr datatype=evr_string | operation=less than | value=0:1.8.5-31.el5_9
- CRITERION ruby-libs is earlier than 0:1.8.5-31.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91358) check=at least one, check_existence=at_least_one_exists, comment=ruby-libs is earlier than 0:1.8.5-31.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14388)
      name ruby-libs
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26066)
      evr datatype=evr_string | operation=less than | value=0:1.8.5-31.el5_9
- CRITERION ruby-irb is earlier than 0:1.8.5-31.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91606) check=at least one, check_existence=at_least_one_exists, comment=ruby-irb is earlier than 0:1.8.5-31.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14777)
      name ruby-irb
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26066)
      evr datatype=evr_string | operation=less than | value=0:1.8.5-31.el5_9
- CRITERION ruby is earlier than 0:1.8.5-31.el5_9
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91418) check=at least one, check_existence=at_least_one_exists, comment=ruby is earlier than 0:1.8.5-31.el5_9, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14305)
      name ruby
    - rpminfo_state (ID = oval:org.mitre.oval:ste:26066)
      evr datatype=evr_string | operation=less than | value=0:1.8.5-31.el5_9


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL