UBUNTU-CVE-2015-1855

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2015-1855

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-1855.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-1855

Related

CVE-2015-1855
USN-3365-1

Published

2015-04-09T00:00:00Z

Modified

2015-04-09T00:00:00Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

verifycertificateidentity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

References

Affected packages

Ubuntu:14.04:LTS / ruby1.9.1

Package

Name: ruby1.9.1
Purl: pkg:deb/ubuntu/ruby1.9.1@1.9.3.484-2ubuntu1.3?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.3.484-2ubuntu1.3

Affected versions

1.*

1.9.3.194-8.1ubuntu2

1.9.3.448-1ubuntu1

1.9.3.448-1ubuntu2

1.9.3.484-1ubuntu1

1.9.3.484-1ubuntu2

1.9.3.484-2ubuntu1

1.9.3.484-2ubuntu1.1

1.9.3.484-2ubuntu1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "ri1.9.1": "1.9.3.484-2ubuntu1.3",
            "ruby1.9.1-dbgsym": "1.9.3.484-2ubuntu1.3",
            "libruby1.9.1-dbg": "1.9.3.484-2ubuntu1.3",
            "libtcltk-ruby1.9.1-dbgsym": "1.9.3.484-2ubuntu1.3",
            "libtcltk-ruby1.9.1": "1.9.3.484-2ubuntu1.3",
            "libruby1.9.1": "1.9.3.484-2ubuntu1.3",
            "ruby1.9.1-dev-dbgsym": "1.9.3.484-2ubuntu1.3",
            "libruby1.9.1-dbgsym": "1.9.3.484-2ubuntu1.3",
            "ruby1.9.1-dev": "1.9.3.484-2ubuntu1.3",
            "ruby1.9.3": "1.9.3.484-2ubuntu1.3",
            "ruby1.9.1-full": "1.9.3.484-2ubuntu1.3",
            "ruby1.9.1-examples": "1.9.3.484-2ubuntu1.3",
            "ruby1.9.1": "1.9.3.484-2ubuntu1.3"
        }
    ]
}

Ubuntu:14.04:LTS / ruby2.0

Package

Name: ruby2.0
Purl: pkg:deb/ubuntu/ruby2.0@2.0.0.484-1ubuntu2.4?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0.484-1ubuntu2.4

Affected versions

2.*

2.0.0.299-2

2.0.0.343-1

2.0.0.343-1ubuntu1

2.0.0.353-1

2.0.0.353-1ubuntu1

2.0.0.484-1ubuntu1

2.0.0.484-1ubuntu2

2.0.0.484-1ubuntu2.1

2.0.0.484-1ubuntu2.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libruby2.0-dbgsym": "2.0.0.484-1ubuntu2.4",
            "libruby2.0": "2.0.0.484-1ubuntu2.4",
            "ruby2.0-tcltk-dbgsym": "2.0.0.484-1ubuntu2.4",
            "ruby2.0-doc": "2.0.0.484-1ubuntu2.4",
            "ruby2.0-dev": "2.0.0.484-1ubuntu2.4",
            "ruby2.0-dbgsym": "2.0.0.484-1ubuntu2.4",
            "ruby2.0-tcltk": "2.0.0.484-1ubuntu2.4",
            "ruby2.0": "2.0.0.484-1ubuntu2.4"
        }
    ]
}