Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2012:0147-1)
Summary:The remote host is missing an update for the 'ruby' package(s) announced via the SUSE-SU-2012:0147-1 advisory.
The remote host is missing an update for the 'ruby' package(s) announced via the SUSE-SU-2012:0147-1 advisory.

Vulnerability Insight:
This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes while maintaining full compatibility with the previous version. A detailailed list of changes is available from [link moved to references] g og> .

The most important fixes are:

* Hash functions are now using a randomized seed to avoid algorithmic complexity attacks. If available,
OpenSSL::Random.seed at the SecureRandom.random_bytes is used to achieve this. (CVE-2011-4815
> )
* mkconfig.rb: fix for continued lines.
* Fix Infinity to be greater than any bignum number.
* Initialize store->
* Several IPv6 related fixes.
* Fixes for zlib.
* Reinitialize PRNG when forking children
> , CVE-2011-3009
> )
* Fixes to securerandom. (CVE-2011-2705
> )
* Fix uri route_to
* Fix race condition with variables and autoload.

Affected Software/OS:
'ruby' package(s) on SUSE Lifecycle Management Server 1.1, SUSE Linux Enterprise Desktop 11 SP1, SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Software Development Kit 11 SP1, SUSE Studio Extension for System z 1.2, SUSE Studio Onsite 1.1, SUSE Studio Onsite 1.2, SUSE Studio Standard Edition 1.2, WebYaST 1.2.

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-2686
BugTraq ID: 49015
XForce ISS Database: ruby-random-number-dos(69032)
Common Vulnerability Exposure (CVE) ID: CVE-2011-2705
Common Vulnerability Exposure (CVE) ID: CVE-2011-3009
BugTraq ID: 49126
RedHat Security Advisories: RHSA-2012:0070
XForce ISS Database: ruby-random-number-weak-security(69157)
Common Vulnerability Exposure (CVE) ID: CVE-2011-4815
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
CERT/CC vulnerability note: VU#903934
RedHat Security Advisories: RHSA-2012:0069
XForce ISS Database: ruby-hash-dos(72020)
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.