
CVE-2013-4073

Common Vulnerabilities and Exposures


Upstream information

CVE-2013-4073 at MITRE

Description

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
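The mismatch described above, shown as an added example (not code from Ruby or from this advisory). It compares a NUL-unsafe hostname check with one that works on the decoded dNSName bytes. The helper names, the sample names, and the C-string truncation model of the unsafe path are assumptions of this example.

```ruby
require 'openssl'

# Constructed sample input: DER for a GeneralNames SEQUENCE holding only
# dNSName entries (context tag 2). Short-form lengths only (< 128 bytes).
def general_names_der(*names)
  body = names.map { |n| [0x82, n.bytesize].pack('CC') + n.b }.join
  [0x30, body.bytesize].pack('CC') + body
end

# Raw dNSName values, taken from the decoded ASN.1 rather than a printed string.
def dns_names(san_der)
  OpenSSL::ASN1.decode(san_der).value
              .select { |gn| gn.tag_class == :CONTEXT_SPECIFIC && gn.tag == 2 }
              .map(&:value)
end

# Assumed model of NUL-unsafe handling: the name is read as a C string, so
# everything from the first "\0" onward is lost before the comparison.
def naive_match?(san_der, hostname)
  dns_names(san_der).any? do |n|
    n.split("\0", 2).first.to_s.downcase == hostname.downcase
  end
end

# Hardened check: a dNSName with any byte outside the hostname alphabet
# (NUL included) never matches. Exact names only; wildcards are omitted.
HOSTNAME_BYTES = /\A[A-Za-z0-9.-]+\z/
def strict_match?(san_der, hostname)
  dns_names(san_der).any? do |n|
    n.match?(HOSTNAME_BYTES) && n.downcase == hostname.downcase
  end
end

# Names worth flagging when reviewing or logging a peer certificate.
def names_with_nul(san_der)
  dns_names(san_der).select { |n| n.include?("\0") }
end

if __FILE__ == $PROGRAM_NAME
  crafted = general_names_der("www.example.com\0.invalid.example")
  puts "naive:  #{naive_match?(crafted, 'www.example.com')}"
  puts "strict: #{strict_match?(crafted, 'www.example.com')}"
  p names_with_nul(crafted)
end
```

On a patched Ruby the library's own identity check should be relied on; a filter like `names_with_nul` is useful mainly for logging or auditing certificates seen on the wire.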

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 827265, 834601, 839107, 876588, 880222

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Onsite 1.3
  • ruby19 >= 1.9.3.p392-0.11.1
  • ruby19-devel >= 1.9.3.p392-0.11.1
  • ruby19-devel-extra >= 1.9.3.p392-0.11.1
Builds
SAT Patch Nr: 8034
SUSE Linux Enterprise Software Development Kit 11 SP3
  • python-demo >= 2.6.9-0.3.1
  • python-devel >= 2.6.9-0.3.1
  • python-doc >= 2.6-8.3.1
  • python-doc-pdf >= 2.6-8.3.1
  • python-gdbm >= 2.6.9-0.3.1
  • python-idle >= 2.6.9-0.3.1
  • python-tk >= 2.6.9-0.3.1
Builds
SAT Patch Nr: 8892
SUSE Linux Enterprise Software Development Kit 11 SP3
  • python-devel >= 2.6.9-0.3.1
Builds
SAT Patch Nr: 8892
SUSE Linux Enterprise Software Development Kit 11 SP3
  • python-32bit >= 2.6.9-0.3.1
  • python-demo >= 2.6.9-0.3.1
  • python-devel >= 2.6.9-0.3.1
  • python-doc >= 2.6-8.3.1
  • python-doc-pdf >= 2.6-8.3.1
  • python-gdbm >= 2.6.9-0.3.1
  • python-idle >= 2.6.9-0.3.1
  • python-tk >= 2.6.9-0.3.1
Builds
SAT Patch Nr: 8892
SUSE Linux Enterprise Desktop 11 SP3
  • libpython2_6-1_0 >= 2.6.9-0.3.1
  • python >= 2.6.9-0.3.1
  • python-base >= 2.6.9-0.3.1
  • python-curses >= 2.6.9-0.3.1
  • python-devel >= 2.6.9-0.3.1
  • python-tk >= 2.6.9-0.3.1
  • python-xml >= 2.6.9-0.3.1
Builds
SAT Patch Nr: 8892
SUSE Linux Enterprise Desktop 11 SP3
  • libpython2_6-1_0 >= 2.6.9-0.3.1
  • libpython2_6-1_0-32bit >= 2.6.9-0.3.1
  • python >= 2.6.9-0.3.1
  • python-base >= 2.6.9-0.3.1
  • python-base-32bit >= 2.6.9-0.3.1
  • python-curses >= 2.6.9-0.3.1
  • python-devel >= 2.6.9-0.3.1
  • python-tk >= 2.6.9-0.3.1
  • python-xml >= 2.6.9-0.3.1
Builds
SAT Patch Nr: 8892
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • libpython2_6-1_0 >= 2.6.9-0.3.1
  • python >= 2.6.9-0.3.1
  • python-base >= 2.6.9-0.3.1
  • python-curses >= 2.6.9-0.3.1
  • python-demo >= 2.6.9-0.3.1
  • python-doc >= 2.6-8.3.1
  • python-doc-pdf >= 2.6-8.3.1
  • python-gdbm >= 2.6.9-0.3.1
  • python-idle >= 2.6.9-0.3.1
  • python-tk >= 2.6.9-0.3.1
  • python-xml >= 2.6.9-0.3.1
Builds
SAT Patch Nr: 8892
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • libpython2_6-1_0 >= 2.6.9-0.3.1
  • libpython2_6-1_0-32bit >= 2.6.9-0.3.1
  • python >= 2.6.9-0.3.1
  • python-32bit >= 2.6.9-0.3.1
  • python-base >= 2.6.9-0.3.1
  • python-base-32bit >= 2.6.9-0.3.1
  • python-curses >= 2.6.9-0.3.1
  • python-demo >= 2.6.9-0.3.1
  • python-doc >= 2.6-8.3.1
  • python-doc-pdf >= 2.6-8.3.1
  • python-gdbm >= 2.6.9-0.3.1
  • python-idle >= 2.6.9-0.3.1
  • python-tk >= 2.6.9-0.3.1
  • python-xml >= 2.6.9-0.3.1
Builds
SAT Patch Nr: 8892
SUSE Linux Enterprise Server 11 SP3
  • libpython2_6-1_0 >= 2.6.9-0.3.1
  • libpython2_6-1_0-x86 >= 2.6.9-0.3.1
  • python >= 2.6.9-0.3.1
  • python-base >= 2.6.9-0.3.1
  • python-base-x86 >= 2.6.9-0.3.1
  • python-curses >= 2.6.9-0.3.1
  • python-demo >= 2.6.9-0.3.1
  • python-doc >= 2.6-8.3.1
  • python-doc-pdf >= 2.6-8.3.1
  • python-gdbm >= 2.6.9-0.3.1
  • python-idle >= 2.6.9-0.3.1
  • python-tk >= 2.6.9-0.3.1
  • python-x86 >= 2.6.9-0.3.1
  • python-xml >= 2.6.9-0.3.1
Builds
SAT Patch Nr: 8892
SUSE Linux Enterprise Software Development Kit 11 SP3
  • ruby-devel >= 1.8.7.p357-0.9.11.1
  • ruby-doc-html >= 1.8.7.p357-0.9.11.1
  • ruby-doc-ri >= 1.8.7.p357-0.9.11.1
  • ruby-examples >= 1.8.7.p357-0.9.11.1
  • ruby-test-suite >= 1.8.7.p357-0.9.11.1
  • ruby-tk >= 1.8.7.p357-0.9.11.1
Builds
SAT Patch Nr: 8027
SUSE Linux Enterprise Desktop 11 SP3
  • ruby >= 1.8.7.p357-0.9.11.1
Builds
SAT Patch Nr: 8027
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • ruby >= 1.8.7.p357-0.9.11.1
  • ruby-doc-html >= 1.8.7.p357-0.9.11.1
  • ruby-tk >= 1.8.7.p357-0.9.11.1
Builds
SAT Patch Nr: 8027
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • ruby >= 1.8.6.p369-0.16.1
Builds
ZYPP Patch Nr: 8639
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
  • ruby >= 1.8.6.p369-0.16.1
  • ruby-devel >= 1.8.6.p369-0.16.1
  • ruby-doc-html >= 1.8.6.p369-0.16.1
  • ruby-doc-ri >= 1.8.6.p369-0.16.1
  • ruby-examples >= 1.8.6.p369-0.16.1
  • ruby-test-suite >= 1.8.6.p369-0.16.1
  • ruby-tk >= 1.8.6.p369-0.16.1
Builds
ZYPP Patch Nr: 8639
SUSE Linux Enterprise Server 11 SP1 LTSS
  • ruby >= 1.8.7.p357-0.9.15.6
  • ruby-doc-html >= 1.8.7.p357-0.9.15.6
  • ruby-tk >= 1.8.7.p357-0.9.15.6
Builds
SAT Patch Nr: 9312
SUSE Linux Enterprise Server 11 SP2 LTSS
  • ruby >= 1.8.7.p357-0.9.15.6
  • ruby-doc-html >= 1.8.7.p357-0.9.15.6
  • ruby-tk >= 1.8.7.p357-0.9.15.6
Builds
SAT Patch Nr: 9313
SUSE Linux Enterprise Software Development Kit 11 SP2
  • ruby-devel >= 1.8.7.p357-0.9.11.1
  • ruby-doc-html >= 1.8.7.p357-0.9.11.1
  • ruby-doc-ri >= 1.8.7.p357-0.9.11.1
  • ruby-examples >= 1.8.7.p357-0.9.11.1
  • ruby-test-suite >= 1.8.7.p357-0.9.11.1
  • ruby-tk >= 1.8.7.p357-0.9.11.1
Builds
SAT Patch Nr: 8026
SUSE Lifecycle Management Server 1.3
WebYaST 1.3
  • ruby-devel >= 1.8.7.p357-0.9.11.1
Builds
SAT Patch Nr: 8026
SUSE Linux Enterprise Desktop 11 SP2
  • ruby >= 1.8.7.p357-0.9.11.1
Builds
SAT Patch Nr: 8026
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • ruby >= 1.8.7.p357-0.9.11.1
  • ruby-doc-html >= 1.8.7.p357-0.9.11.1
  • ruby-tk >= 1.8.7.p357-0.9.11.1
Builds
SAT Patch Nr: 8026

© 2014 Novell