Ruby update fixes SSL man-in-the-middle vulnerability

The OpenSSL implementation bundled with Ruby has been found to be vulnerable to having its hostname check bypassed. 

Ruby update fixes SSL vulnerability

The flaw, rooted in the lack of proper handling of alternate X509 names with null bytes in them, could allow an attacker to present a certificate for "www.ruby-lang.org\0example.com" which when read by the Ruby client library, would be interpreted as "www.ruby-lang.org". That result would be handed over to the certificate verfication routines which would cause the certificate would be identified as coming from "www.ruby-lang.org". If an attacker could get a certificate where thesubjectAltName included such a null byte, they could use that certificate to interpose themselves between a victim and the site.

Ruby update fixes SSL man-in-the-middle vulnerability | The H Security