Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.

A flaw was found in the way the Ruby POP module processed certain APOP authentication requests. By sending certain responses when the Ruby APOP module attempted to authenticate using APOP against a POP server, a remote attacker could, potentially, acquire certain portions of a user's authentication credentials. (CVE-2007-1558)

It was discovered that Ruby did not properly check the return value when verifying X.509 certificates. This could, potentially, allow a remote attacker to present an invalid X.509 certificate, and have Ruby treat it as valid. (CVE-2009-0642)

A flaw was found in the way Ruby converted BigDecimal objects to Float numbers. If an attacker were able to provide certain input for the BigDecimal object converter, they could crash an application using this class. (CVE-2009-1904)

All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues.
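
The class of return-value mistake described for CVE-2009-0642, as an added example (this is not Ruby's source code or the backported patch). It assumes a verifier that follows the common OpenSSL-style convention of returning 1 for success, 0 for failure and a negative value for an internal error; `stub_verify`, `sample_cert` and the sample data are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>
/* Constructed stand-in for a certificate; not a real X.509 structure. */
struct sample_cert {
    const char *label;
    int parse_ok;      /* 0 => the verifier hits an internal error */
    int signature_ok;  /* 0 => signature does not chain to a trusted CA */
};

/* Hypothetical verifier using the assumed tri-state convention:
 * 1 = verified, 0 = verification failed, -1 = error during verification. */
static int stub_verify(const struct sample_cert *c)
{
    if (!c->parse_ok) return -1;
    return c->signature_ok ? 1 : 0;
}

/* Flawed pattern: any non-zero result, including -1, counts as valid. */
static int accept_flawed(const struct sample_cert *c)
{
    return stub_verify(c) ? 1 : 0;
}

/* Hardened pattern: only the explicit success value is accepted. */
static int accept_strict(const struct sample_cert *c)
{
    return stub_verify(c) == 1;
}

static const struct sample_cert SAMPLES[] = {
    { "good",      1, 1 },
    { "bad-sig",   1, 0 },
    { "malformed", 0, 0 },
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Count how many samples a given acceptance policy lets through. */
static size_t count_accepted(int (*policy)(const struct sample_cert *))
{
    size_t n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        n += policy(&SAMPLES[i]) ? 1 : 0;
    return n;
}
int main(void)
{
    printf("flawed accepts %zu, strict accepts %zu\n", count_accepted(accept_flawed), count_accepted(accept_strict));
    return 0;
}
```

When reviewing code that wraps a verification routine, check that an error result fails closed instead of being folded into "valid" by a truthiness test.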