|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0342 (ruby)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0342: Updated ruby packages fix a security vulnerability 


Date:
    	      Thu, 13 Oct 2016 09:21:26 +0200


Message-ID:
    	      <20161013072126.961729F79B@duvel.mageia.org>


MGASA-2016-0342 - Updated ruby packages fix a security vulnerability

Publication date: 13 Oct 2016
URL: http://advisories.mageia.org/MGASA-2016-0342.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-7798

Description:
A bug in openssl module caused using an all 0 IV for AES-GCM ciphers 
in some cases (when setting a key, an iv, and then setting a key a 
again (CVE-2016-779

References:
- https://bugs.mageia.org/show_bug.cgi?id=19501
- https://github.com/ruby/openssl/issues/49
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798

SRPMS:
- 5/core/ruby-2.0.0.p648-1.1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds