Amazon Linux 1 Security Advisory: ALAS-2012-79
Advisory Release Date: 2012-05-21 16:48 Pacific
Advisory Updated Date: 2014-09-14 16:36 Pacific
Severity:
Medium
Issue Overview:
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
Affected Packages:
rubygems
Issue Correction:
Run yum update rubygems to update your system.
New Packages:
noarch:
rubygems-devel-1.8.11-3.1.amzn1.noarch
rubygems-1.8.11-3.1.amzn1.noarch
src:
rubygems-1.8.11-3.1.amzn1.src