Debian Security Advisory DSA 1411-1 (libopenssl-ruby)

The remote host is missing an update to libopenssl-ruby announced via advisory DSA 1411-1.

Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5162 It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. CVE-2007-5770 It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. The stable distribution (etch) no longer contains libopenssl-ruby. For the old stable distribution (sarge), these problems have been fixed in version 0.1.4a-1sarge1. Packages for sparc will be provided later. We recommend that you upgrade your libopenssl-ruby packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201411-1