Scientific Linux Security Update : ruby on SL5.x, SL6.x i386/srpm/x86_64
Severity: Medium
Nessus Plugin ID: 68946
Synopsis: The remote Scientific Linux host is missing one or more security updates.

Description: A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts.

Solution: Update the affected packages.
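The class of flaw in the Description, shown as an added Ruby example that is not code from this advisory or from Ruby itself: a name check that stops reading at the first NUL byte, beside one that rejects such names outright. The method names and sample hostnames are constructed, the truncating comparison is an assumed model of the flaw rather than Ruby's actual implementation, and only exact-name matching is covered (no wildcards).

```ruby
# Added illustration. All method names are hypothetical; none of this is
# Ruby's OpenSSL API.

# Models a check that handles the certificate name like a C string:
# everything from the first NUL byte onward is ignored before comparing.
def naive_name_match?(cert_name, expected_host)
  nul_at = cert_name.index("\0")
  visible = nul_at ? cert_name[0, nul_at] : cert_name
  visible.casecmp?(expected_host) == true
end

# Hardened check: a DNS name can never contain NUL or other control bytes,
# so such a name is rejected before any comparison. The comparison then
# runs over the full string, not a prefix of it.
def strict_name_match?(cert_name, expected_host)
  return false if cert_name.empty?
  return false if cert_name.bytes.any? { |b| b < 0x20 || b == 0x7f }
  cert_name.casecmp?(expected_host) == true
end

# Audit helper: given the names taken from a certificate (subject CN and
# subjectAltName entries), return those that contain an embedded NUL byte.
def names_with_nul(names)
  names.select { |n| n.include?("\0") }
end

# Constructed sample names, as they might be read from certificates.
SAMPLE_NAMES = [
  "bank.example",
  "bank.example\0.other.example", # embedded NUL after the trusted-looking prefix
  "mail.example"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_NAMES.each do |name|
    puts format("%-32s naive=%-5s strict=%s",
                name.inspect,
                naive_name_match?(name, "bank.example"),
                strict_name_match?(name, "bank.example"))
  end
  puts "names with NUL: #{names_with_nul(SAMPLE_NAMES).inspect}"
end
```

The same `names_with_nul` test can be applied to certificate names seen in TLS inspection or certificate inventory data to flag certificates that would only make sense against an unpatched client.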