ALAS-2012-079


Amazon Linux AMI Security Advisory: ALAS-2012-79
Advisory Release Date: 2014-09-14 16:36 Pacific
Severity: Medium
References: CVE-2012-2125 

Issue Overview:

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.


Affected Packages:

rubygems


Issue Correction:
Run yum update rubygems to update your system.

New Packages:
noarch:
    rubygems-devel-1.8.11-3.1.amzn1.noarch
    rubygems-1.8.11-3.1.amzn1.noarch

src:
    rubygems-1.8.11-3.1.amzn1.src