Please cancel my subscription fbernis@ccia.uned.es opensuse-security@opensuse.org wrote:
openSUSE Security Update: ruby: configure https usage for rubygems.org ______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:1393-1 Rating: moderate References: Affected Products: openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
The ruby gemrc configured the gem installation source as http source, allowing man in the middle attacks (if someone could provide a different address for rubygems.org).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-668
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-668
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.3 (i586 x86_64):
ruby-1.9.3-15.6.1 ruby-devel-1.9.3-15.6.1
- openSUSE 12.2 (i586 x86_64):
ruby-1.9.3-2.8.1 ruby-common-1.9.3-2.8.1 ruby-devel-1.9.3-2.8.1
References:
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (1)
-
Francisco Bernis