{"id":"MGASA-2015-0227","summary":"Updated ruby-rest-client packages fix security vulnerabilities","details":"Updated ruby-rest-client packages fix security vulnerability:\n\nWhen Ruby rest-client processes an HTTP redirection response, it blindly\npasses along the values from any Set-Cookie headers to the redirection target,\nregardless of domain, path, or expiration.  This can be used in a session\nfixation attack or in stealing cookies (CVE-2015-1820).\n\nREST Client for Ruby contains a flaw that is due to the application logging\npassword information in plaintext. This may allow a local attacker to gain\naccess to password information (CVE-2015-3448).\n\nThe ruby-rest-client package has been updated to version 1.8.0, fixing these\nissues and several other bugs.  Refer to the upstream changelog for more\ndetails.\n","modified":"2026-01-31T04:14:10.902985Z","published":"2015-05-15T18:23:49Z","related":["CVE-2015-1820","CVE-2015-3448"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0227.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15560"},{"type":"REPORT","url":"https://github.com/rest-client/rest-client/blob/master/history.md"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205291"},{"type":"REPORT","url":"http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html"}],"affected":[{"package":{"name":"ruby-rest-client","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-rest-client?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.0-2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0227.json"}},{"package":{"name":"ruby-netrc","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-netrc?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0227.json"}},{"package":{"name":"ruby-http-cookie","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-http-cookie?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0227.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}