Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-1582-1 September 26, 2012 rubygems vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: RubyGems could be made to download and install malicious gem files. Software Description: - rubygems: package management framework for Ruby libraries/applications Details: John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. (CVE-2012-2126) John Firebaugh discovered that the RubyGems remote gem fetcher allowed redirection from HTTPS to HTTP. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. (CVE-2012-2125) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: rubygems 1.8.15-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1582-1 CVE-2012-2125, CVE-2012-2126 Package Information: https://launchpad.net/ubuntu/+source/rubygems/1.8.15-1ubuntu0.1