MGASA-2015-0227

Source
https://advisories.mageia.org/MGASA-2015-0227.html
Import Source
https://advisories.mageia.org/MGASA-2015-0227.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2015-0227
Published
2015-05-15T18:23:49Z
Modified
2015-05-15T18:13:50Z
Summary
Updated ruby-rest-client packages fix security vulnerabilities
Details

Updated ruby-rest-client packages fix security vulnerabilities:

When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation attack or in stealing cookies (CVE-2015-1820).

REST Client for Ruby contains a flaw: the application logs password information in plaintext. This may allow a local attacker to gain access to password information (CVE-2015-3448).

The ruby-rest-client package has been updated to version 1.8.0, fixing these issues and several other bugs. Refer to the upstream changelog for more details.


Affected packages

Mageia:4 / ruby-rest-client

Package

Name
ruby-rest-client
Purl
pkg:rpm/mageia/ruby-rest-client?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0-2.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / ruby-netrc

Package

Name
ruby-netrc
Purl
pkg:rpm/mageia/ruby-netrc?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.10.3-1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / ruby-http-cookie

Package

Name
ruby-http-cookie
Purl
pkg:rpm/mageia/ruby-http-cookie?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.2-1.mga4

Ecosystem specific

{
    "section": "core"
}