Novell Home

CVE-2011-2705

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-2705 at MITRE

Description

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 704409

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Onsite 1.2 [Appliance - Studio]
SUSE Studio Standard Edition 1.2
WebYaST 1.2
  • ruby-dbus >= 0.4.0-0.9.4
  • ruby-devel >= 1.8.7.p357-0.7.1
webyast12.x86-64
SAT Patch Nr: 5715
SUSE Studio Extension for System z 1.2
  • ruby-devel >= 1.8.7.p357-0.7.1
webyast12.x86-64
SAT Patch Nr: 5715
openSUSE 11.4 DEBUGINFO
  • ruby-debuginfo >= 1.8.7.p357-0.2.1
  • ruby-debugsource >= 1.8.7.p357-0.2.1
  • ruby-tk-debuginfo >= 1.8.7.p357-0.2.1
openSUSE 11.4
  • ruby >= 1.8.7.p357-0.2.1
  • ruby-devel >= 1.8.7.p357-0.2.1
  • ruby-doc-html >= 1.8.7.p357-0.2.1
  • ruby-doc-ri >= 1.8.7.p357-0.2.1
  • ruby-examples >= 1.8.7.p357-0.2.1
  • ruby-test-suite >= 1.8.7.p357-0.2.1
  • ruby-tk >= 1.8.7.p357-0.2.1
SLE 11 SP1 DEBUGINFO
  • ruby-debuginfo >= 1.8.7.p357-0.7.1
  • ruby-debugsource >= 1.8.7.p357-0.7.1
webyast11.x86
sles11-sp1.ppc
slms1.1.x86-64
sle11-sp1-sdk.s390x
webyast11.x86-64
sled11-sp1.x86
sles11-sp1.x86-64
studioonsite1.1.x86-64
sle11-sp1-sdk.ia64
sle11-sp1-sdk.x86
sled11-sp1.x86-64
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1-vmware.x86
sle11-sp1-sdk.ppc
sle11-sp1-sdk.x86-64
SAT Patch Nr: 5716
SUSE Linux Enterprise Software Development Kit 11 SP1
  • ruby-devel >= 1.8.7.p357-0.7.1
  • ruby-doc-html >= 1.8.7.p357-0.7.1
  • ruby-doc-ri >= 1.8.7.p357-0.7.1
  • ruby-examples >= 1.8.7.p357-0.7.1
  • ruby-test-suite >= 1.8.7.p357-0.7.1
  • ruby-tk >= 1.8.7.p357-0.7.1
webyast11.x86
sles11-sp1.ppc
slms1.1.x86-64
sle11-sp1-sdk.s390x
webyast11.x86-64
sled11-sp1.x86
sles11-sp1.x86-64
studioonsite1.1.x86-64
sle11-sp1-sdk.ia64
sle11-sp1-sdk.x86
sled11-sp1.x86-64
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1-vmware.x86
sle11-sp1-sdk.ppc
sle11-sp1-sdk.x86-64
SAT Patch Nr: 5716
SUSE Linux Enterprise Software Development Kit 11 SP1
  • ruby-devel >= 1.8.7.p357-0.7.1
  • ruby-doc-ri >= 1.8.7.p357-0.7.1
  • ruby-examples >= 1.8.7.p357-0.7.1
  • ruby-test-suite >= 1.8.7.p357-0.7.1
webyast11.x86
sles11-sp1.ppc
slms1.1.x86-64
sle11-sp1-sdk.s390x
webyast11.x86-64
sled11-sp1.x86
sles11-sp1.x86-64
studioonsite1.1.x86-64
sle11-sp1-sdk.ia64
sle11-sp1-sdk.x86
sled11-sp1.x86-64
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1-vmware.x86
sle11-sp1-sdk.ppc
sle11-sp1-sdk.x86-64
SAT Patch Nr: 5716
SUSE Lifecycle Management Server 1.1 [Appliance - Tools]
SUSE Studio Onsite 1.1 [Appliance - Studio]
  • ruby-dbus >= 0.4.0-0.9.4
  • ruby-devel >= 1.8.7.p357-0.7.1
webyast11.x86
sles11-sp1.ppc
slms1.1.x86-64
sle11-sp1-sdk.s390x
webyast11.x86-64
sled11-sp1.x86
sles11-sp1.x86-64
studioonsite1.1.x86-64
sle11-sp1-sdk.ia64
sle11-sp1-sdk.x86
sled11-sp1.x86-64
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1-vmware.x86
sle11-sp1-sdk.ppc
sle11-sp1-sdk.x86-64
SAT Patch Nr: 5716
SUSE Linux Enterprise Desktop 11 SP1
  • ruby >= 1.8.7.p357-0.7.1
webyast11.x86
sles11-sp1.ppc
slms1.1.x86-64
sle11-sp1-sdk.s390x
webyast11.x86-64
sled11-sp1.x86
sles11-sp1.x86-64
studioonsite1.1.x86-64
sle11-sp1-sdk.ia64
sle11-sp1-sdk.x86
sled11-sp1.x86-64
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1-vmware.x86
sle11-sp1-sdk.ppc
sle11-sp1-sdk.x86-64
SAT Patch Nr: 5716
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
  • ruby >= 1.8.7.p357-0.7.1
  • ruby-doc-html >= 1.8.7.p357-0.7.1
  • ruby-tk >= 1.8.7.p357-0.7.1
webyast11.x86
sles11-sp1.ppc
slms1.1.x86-64
sle11-sp1-sdk.s390x
webyast11.x86-64
sled11-sp1.x86
sles11-sp1.x86-64
studioonsite1.1.x86-64
sle11-sp1-sdk.ia64
sle11-sp1-sdk.x86
sled11-sp1.x86-64
sles11-sp1.s390x
sles11-sp1-vmware.x86-64
sles11-sp1.ia64
sles11-sp1.x86
sles11-sp1-vmware.x86
sle11-sp1-sdk.ppc
sle11-sp1-sdk.x86-64
SAT Patch Nr: 5716

© 2014 Novell