FreeBSD : Ruby -- OpenSSL Hostname Verification Vulnerability (d4379f59-3e9b-49eb-933b-61de4d0b0fdb)
High Nessus Plugin ID 82753
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Ruby Developers report:
After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates.
Ruby's OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching of more than one wildcard per subject/SAN is no longer allowed. As well, comparison of these values is now case-insensitive.
Solution
Update the affected packages.
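
A regression check for the matching behaviour described above, added here as an example (not part of the advisory or of Ruby's own test suite): it builds throwaway self-signed certificates with constructed SAN values and asks `OpenSSL::SSL.verify_certificate_identity` whether each hostname is accepted. The `example.com` names are sample values, and the expected results assume a Ruby that includes the fix.

```ruby
require "openssl"

# One throwaway key shared by all constructed test certificates.
KEY = OpenSSL::PKey::RSA.new(2048)

# Self-signed certificate whose only identity is a single subjectAltName
# DNS entry (constructed test data, never used on the wire).
def cert_with_san(dns_name)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/O=Constructed Example")
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{dns_name}"))
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
  cert
end

# True when Ruby accepts `hostname` for a certificate presenting `san`.
def accepts?(san, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert_with_san(san), hostname)
end

# [SAN in certificate, hostname requested, result expected after the fix]
CASES = [
  ["*.example.com",    "www.example.com",  true],
  ["*.EXAMPLE.com",    "WWW.example.COM",  true],   # case-insensitive
  ["w*w*.example.com", "wxwy.example.com", false],  # two wildcards
  ["www.*.com",        "www.example.com",  false],  # wildcard not left-most
  ["*.example.com",    "a.b.example.com",  false],  # wildcard spans one label
  ["*.example.com",    "example.com",      false],  # wildcard needs a label
].freeze

# Returns the cases where the installed Ruby disagrees with the expectation.
def hostname_check_regressions
  CASES.reject { |san, host, want| accepts?(san, host) == want }
end

if __FILE__ == $PROGRAM_NAME
  bad = hostname_check_regressions
  bad.each { |san, host, want| warn "MISMATCH san=#{san} host=#{host} expected=#{want}" }
  puts bad.empty? ? "hostname matching is strict" : "#{bad.size} mismatches found"
end
```

Any `MISMATCH` line means the interpreter's hostname matching differs from the strict rules quoted in the description.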