From ${URL} :

Ruby’s SSL client implements hostname identity check but it does not properly handle hostnames in the certificate that contain null bytes.

OpenSSL::SSL.verify_certificate_identity implements RFC2818 Server Identity check for Ruby’s SSL client but it does not properly handle hostnames in the subjectAltName X509 extension that contain null bytes.

Existing code in lib/openssl/ssl.rb uses OpenSSL::X509::Extension#value for extracting identity from subjectAltName. Extension#value depends on the OpenSSL function X509V3_EXT_print(), and for dNSName of subjectAltName it utilizes sprintf(), which is known to be null byte unsafe. As a result, Extension#value returns ‘www.ruby-lang.org’ if the subjectAltName is ‘www.ruby-lang.org\0.example.com’, and OpenSSL::SSL.verify_certificate_identity wrongly identifies the certificate as being for ‘www.ruby-lang.org’.

When a CA that an SSL client trusts allows issuing a server certificate that has a null byte in subjectAltName, remote attackers can obtain the certificate for ‘www.ruby-lang.org\0.example.com’ from the CA to spoof ‘www.ruby-lang.org’ and do man-in-the-middle between Ruby’s SSL client and SSL servers.

External References: http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

This is corrected in upstream versions 2.0.0-p247, 1.9.3-p448 and 1.8.7-p374.

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
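The truncation described in the report above, as an added Ruby example that is not part of the original report or of Ruby's own ssl.rb: it reads dNSName entries from the DER-encoded subjectAltName as length-delimited strings and rejects any that contain a NUL, next to a comparison that truncates the way a C-string consumer does. The helper names and the sample encoding are constructed for illustration, and only exact (non-wildcard) matching is shown.

```ruby
require "openssl"

DNS_NAME_TAG = 2 # GeneralName ::= CHOICE { ... dNSName [2] IA5String ... }

# Constructed sample input: DER for a GeneralNames SEQUENCE of dNSName entries.
def sample_san_der(names)
  entries = names.map do |n|
    OpenSSL::ASN1::ASN1Data.new(n, DNS_NAME_TAG, :CONTEXT_SPECIFIC)
  end
  OpenSSL::ASN1::Sequence.new(entries).to_der
end

# dNSName values exactly as encoded: DER strings carry an explicit length,
# so an embedded NUL is ordinary content and is preserved here.
def dns_names_from_san(der)
  OpenSSL::ASN1.decode(der).value
    .select { |gn| gn.tag_class == :CONTEXT_SPECIFIC && gn.tag == DNS_NAME_TAG }
    .map(&:value)
end

# What a NUL-terminated (C string) consumer sees of the same bytes.
def c_string_view(name)
  name.unpack1("Z*")
end

# Comparison after truncation: the behaviour the report describes.
def naive_identity_matches?(san_der, hostname)
  dns_names_from_san(san_der).any? do |name|
    c_string_view(name).downcase == hostname.downcase
  end
end

# Comparison on the full value; a name containing NUL never matches.
def identity_matches?(san_der, hostname)
  dns_names_from_san(san_der).any? do |name|
    next false if name.include?("\0")
    name.downcase == hostname.downcase
  end
end

if __FILE__ == $0
  der = sample_san_der(["www.ruby-lang.org\0.example.com"]) # value from the report
  puts "encoded dNSName: #{dns_names_from_san(der).first.inspect}"
  puts "truncating match: #{naive_identity_matches?(der, 'www.ruby-lang.org')}"
  puts "length-aware match: #{identity_matches?(der, 'www.ruby-lang.org')}"
end
```
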
Fixed versions are now in the tree. The additional changes don't look very invasive, so let's continue with stabling right away: =dev-lang/ruby-1.8.7_p374 =dev-lang/ruby-1.9.3_p448
amd64 stable
x86 stable
arm stable
ppc stable
Stable for HPPA.
ppc64 stable
alpha stable
ia64 stable
sh stable
sparc stable
s390 stable
GLSA vote: no.
CVE-2013-4073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4073): The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
GLSA vote: no. Closing as noglsa.