CVE-2011-2686

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-2686 at MITRE

Description

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 704409

SUSE Security Advisories:

openSUSE-SU-2012:0228-1, published Thu, 9 Feb 2012 19:10:36 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Studio Extension for System z 1.2	`ruby-devel >= 1.8.7.p357-0.7.1`	webyast12.x86-64 SAT Patch Nr: 5715
SUSE Studio Onsite 1.2 [Appliance - Studio] SUSE Studio Standard Edition 1.2 WebYaST 1.2	`ruby-dbus >= 0.4.0-0.9.4` `ruby-devel >= 1.8.7.p357-0.7.1`	webyast12.x86-64 SAT Patch Nr: 5715
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP4 for x86	`ruby >= 1.8.6.p369-0.14.1`	Builds ZYPP Patch Nr: 8524
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86	`ruby >= 1.8.6.p369-0.14.1` `ruby-devel >= 1.8.6.p369-0.14.1` `ruby-doc-html >= 1.8.6.p369-0.14.1` `ruby-doc-ri >= 1.8.6.p369-0.14.1` `ruby-examples >= 1.8.6.p369-0.14.1` `ruby-test-suite >= 1.8.6.p369-0.14.1` `ruby-tk >= 1.8.6.p369-0.14.1`	Builds ZYPP Patch Nr: 8524
openSUSE 11.4 DEBUGINFO	`ruby-debuginfo >= 1.8.7.p357-0.2.1` `ruby-debugsource >= 1.8.7.p357-0.2.1` `ruby-tk-debuginfo >= 1.8.7.p357-0.2.1`
openSUSE 11.4	`ruby >= 1.8.7.p357-0.2.1` `ruby-devel >= 1.8.7.p357-0.2.1` `ruby-doc-html >= 1.8.7.p357-0.2.1` `ruby-doc-ri >= 1.8.7.p357-0.2.1` `ruby-examples >= 1.8.7.p357-0.2.1` `ruby-test-suite >= 1.8.7.p357-0.2.1` `ruby-tk >= 1.8.7.p357-0.2.1`
SLE 11 SP1 DEBUGINFO	`ruby-debuginfo >= 1.8.7.p357-0.7.1` `ruby-debugsource >= 1.8.7.p357-0.7.1`	webyast11.x86 sles11-sp1.ppc slms1.1.x86-64 sle11-sp1-sdk.s390x webyast11.x86-64 sled11-sp1.x86 sles11-sp1.x86-64 studioonsite1.1.x86-64 sle11-sp1-sdk.ia64 sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.ppc sle11-sp1-sdk.x86-64 SAT Patch Nr: 5716
SUSE Linux Enterprise Software Development Kit 11 SP1	`ruby-devel >= 1.8.7.p357-0.7.1` `ruby-doc-ri >= 1.8.7.p357-0.7.1` `ruby-examples >= 1.8.7.p357-0.7.1` `ruby-test-suite >= 1.8.7.p357-0.7.1`	webyast11.x86 sles11-sp1.ppc slms1.1.x86-64 sle11-sp1-sdk.s390x webyast11.x86-64 sled11-sp1.x86 sles11-sp1.x86-64 studioonsite1.1.x86-64 sle11-sp1-sdk.ia64 sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.ppc sle11-sp1-sdk.x86-64 SAT Patch Nr: 5716
SUSE Linux Enterprise Software Development Kit 11 SP1	`ruby-devel >= 1.8.7.p357-0.7.1` `ruby-doc-html >= 1.8.7.p357-0.7.1` `ruby-doc-ri >= 1.8.7.p357-0.7.1` `ruby-examples >= 1.8.7.p357-0.7.1` `ruby-test-suite >= 1.8.7.p357-0.7.1` `ruby-tk >= 1.8.7.p357-0.7.1`	webyast11.x86 sles11-sp1.ppc slms1.1.x86-64 sle11-sp1-sdk.s390x webyast11.x86-64 sled11-sp1.x86 sles11-sp1.x86-64 studioonsite1.1.x86-64 sle11-sp1-sdk.ia64 sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.ppc sle11-sp1-sdk.x86-64 SAT Patch Nr: 5716
SUSE Lifecycle Management Server 1.1 [Appliance - Tools] SUSE Studio Onsite 1.1 [Appliance - Studio]	`ruby-dbus >= 0.4.0-0.9.4` `ruby-devel >= 1.8.7.p357-0.7.1`	webyast11.x86 sles11-sp1.ppc slms1.1.x86-64 sle11-sp1-sdk.s390x webyast11.x86-64 sled11-sp1.x86 sles11-sp1.x86-64 studioonsite1.1.x86-64 sle11-sp1-sdk.ia64 sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.ppc sle11-sp1-sdk.x86-64 SAT Patch Nr: 5716
SUSE Linux Enterprise Desktop 11 SP1	`ruby >= 1.8.7.p357-0.7.1`	webyast11.x86 sles11-sp1.ppc slms1.1.x86-64 sle11-sp1-sdk.s390x webyast11.x86-64 sled11-sp1.x86 sles11-sp1.x86-64 studioonsite1.1.x86-64 sle11-sp1-sdk.ia64 sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.ppc sle11-sp1-sdk.x86-64 SAT Patch Nr: 5716
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware	`ruby >= 1.8.7.p357-0.7.1` `ruby-doc-html >= 1.8.7.p357-0.7.1` `ruby-tk >= 1.8.7.p357-0.7.1`	webyast11.x86 sles11-sp1.ppc slms1.1.x86-64 sle11-sp1-sdk.s390x webyast11.x86-64 sled11-sp1.x86 sles11-sp1.x86-64 studioonsite1.1.x86-64 sle11-sp1-sdk.ia64 sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1-vmware.x86-64 sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.ppc sle11-sp1-sdk.x86-64 SAT Patch Nr: 5716

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy