Bugzilla: 722415: CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 ruby: Properly initialize the random number generator when forking new process
The MITRE CVE dictionary describes this issue as:
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this flaw in Red Hat Enterprise Linux 4 and 5.
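The failure mode described above can be checked on a given interpreter with the following added example, which is not code from this advisory or from the Ruby project. It shows a generator seeded before `fork` repeating across children, the per-child reseed that avoids it, and a check that the default generator differs between children; the helper names and the seed 1234 are constructed for the demonstration.

```ruby
# Added example: constructed demo, not code from the advisory or the Ruby project.
RANGE = 2**64 # wide range so an accidental collision is negligible

# Fork `count` children; each runs the block and returns one integer over a pipe.
def draws_from_children(count)
  Array.new(count) do
    reader, writer = IO.pipe
    pid = fork do
      reader.close
      writer.write(yield.to_s)
      writer.close
      exit!(0) # leave without running at_exit handlers inherited from the parent
    end
    writer.close
    value = reader.read
    reader.close
    Process.wait(pid)
    Integer(value)
  end
end

# Affected pattern: generator state created once in the parent. Each child gets
# a copy of the same state, so every child emits the same "random" value.
def inherited_state_draws(count = 3)
  shared = Random.new(1234) # constructed seed
  draws_from_children(count) { shared.rand(RANGE) }
end

# Corrected pattern: each child seeds a fresh generator after the fork.
def reseeded_draws(count = 3)
  draws_from_children(count) { Random.new(Random.new_seed).rand(RANGE) }
end

# Runtime check: with the fix present, Kernel#rand is reseeded in each child,
# so the values must not repeat even though the parent already used it.
def default_generator_draws(count = 3)
  rand(RANGE) # initialise the default generator in the parent before forking
  draws_from_children(count) { rand(RANGE) }
end

if __FILE__ == $PROGRAM_NAME
  puts "inherited state:   #{inherited_state_draws.inspect}"
  puts "reseeded in child: #{reseeded_draws.inspect}"
  puts "default generator: #{default_generator_draws.inspect}"
end
```

Identical values on the last line would indicate an interpreter that still carries the flaw. Application code that keeps its own `Random` instance across a fork needs the per-child reseed regardless of interpreter version.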
Red Hat security errata
| Platform | Errata | Release date |
|---|---|---|
| Red Hat Enterprise Linux version 4 (ruby) | RHSA-2012:0070 | January 30, 2012 |
| Red Hat Enterprise Linux version 5 (ruby) | RHSA-2012:0070 | January 30, 2012 |
| Red Hat Enterprise Linux version 6 (ruby) | RHSA-2011:1581 | December 05, 2011 |