net-http vulnerability in Ruby

net-http vulnerability in Ruby

Posted by: snakepimp
Posted on: 2007-12-18 16:57:00

Is the Ruby install @ Dreamhost affected by this?
The DH Wiki says DH is running 1.8.5 which is listed as affected up to 1.8.5 p113

http://www.ruby-lang.org/en/news/2007/10/04/net-https-vulnerability/
http://www.isecpartners.com/advisories/2007-006-rubyssl.txt

Before I start working on Ruby on the server I need to know this. I see in the wiki it says we can install 1.8.6 but no specific build vers.
Anybody know for sure what the status of this vulnerability is @ DH?
It's ironic that the first project I really need an SSL cert for happens to be a Ruby project.

~Once Greenland melts, it'll be a different ballgame,
Jeremy.

Re: net-http vulnerability in Ruby

Posted by: wholly
Posted on: 2007-12-18 19:32:00

I'm showing 1.8.5 on my server - (I didn't notice the build).

You probably should have brought this up directly with support rather than exposing the hole to everyone.

Not that I'm an advocate of hiding information, just that giving DH a chance to address the issue would have been nice.

Wholly - Use promo code WhollyMindless for discount.

Tags: vulnerabilityrubycertwikivulnerabilityrubycertwiki