Mandriva Linux Security Advisory 2009-325 - ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.
e2077ce129461d0a497c42e86d0c3e3ab2181e15b32eb65c1f3946d4694469cc
Debian Security Advisory 1860-1 - Several vulnerabilities have been discovered in Ruby.
11affe671bc325d35bbacdaba1cc0dff84af2b4d7f43397ff4731fd74ebce484
Mandriva Linux Security Advisory 2009-193 - ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. This update corrects the problem, including for older ruby versions.
0669c17c9c0462df2e2d19f4671fc26124b8dab42ffd851016ebb52c686df9f9
Ubuntu Security Notice USN-805-1 - It was discovered that Ruby did not properly validate certificates. An attacker could exploit this and present invalid or revoked X.509 certificates. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service.
4f72a70fd200ee1273e4776e82b8528015c978b29ef39631d27d00a2af0926b2