Ubuntu Security Notice 1582-1 - John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. John Firebaugh discovered that the RubyGems remote gem fetcher allowed redirection from HTTPS to HTTP. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. Various other issues were also addressed.
79ecf56741b091d23384f3f0b01eeb591f87183b1b2b9abd751baebc340bbc94