Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-0642

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.

Related bugs and status

CVE-2009-0642 (Candidate) is related to these bugs:

Bug #385436: DoS vulnerability in BigDecimal Ruby Library

Summary				In	Importance	Status
	385436	DoS vulnerability in BigDecimal Ruby Library		ruby1.8 (Ubuntu)	Medium	Fix Released
	385436	DoS vulnerability in BigDecimal Ruby Library		ruby1.8 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.debian.org...
CONFIRM: http://redmine.ruby-la...
BID: 33769
SECUNIA: 33750
REDHAT: RHSA-2009:1140
SECTRACK: 1022505
SECUNIA: 35699
MANDRIVA: MDVSA-2009:193
UBUNTU: USN-805-1
SECUNIA: 35937
XF: ruby-ocspbasicverify-s...
OVAL: oval:org.mitre.oval:de...