
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:0147-1)
Summary: The remote host is missing an update for the 'ruby' package(s) announced via the SUSE-SU-2012:0147-1 advisory.

Vulnerability Insight:
This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes while maintaining full compatibility with the previous version. A detailed list of changes is available from [link moved to references].

The most important fixes are:

* Hash functions are now using a randomized seed to avoid algorithmic complexity attacks. If available, OpenSSL::Random.seed at the SecureRandom.random_bytes is used to achieve this. (CVE-2011-4815)
* mkconfig.rb: fix for continued lines.
* Fix Infinity to be greater than any bignum number.
* Initialize store->
* Several IPv6 related fixes.
* Fixes for zlib.
* Reinitialize PRNG when forking children. (CVE-2011-3009)
* Fixes to securerandom. (CVE-2011-2705)
* Fix uri route_to
* Fix race condition with variables and autoload.

Affected Software/OS:
'ruby' package(s) on WebYaST 1.2, SUSE Studio Standard Edition 1.2, SUSE Studio Onsite 1.2, SUSE Studio Onsite 1.1, SUSE Studio Extension for System z 1.2, SUSE Linux Enterprise Software Development Kit 11 SP1, SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Desktop 11 SP1, SUSE Lifecycle Management Server 1.1

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-2686
BugTraq ID: 49015
XForce ISS Database: ruby-random-number-dos(69032)
Common Vulnerability Exposure (CVE) ID: CVE-2011-2705
Common Vulnerability Exposure (CVE) ID: CVE-2011-3009
BugTraq ID: 49126
RedHat Security Advisories: RHSA-2012:0070
XForce ISS Database: ruby-random-number-weak-security(69157)
Common Vulnerability Exposure (CVE) ID: CVE-2011-4815
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
CERT/CC vulnerability note: VU#903934
RedHat Security Advisories: RHSA-2012:0069
XForce ISS Database: ruby-hash-dos(72020)
Copyright: Copyright (C) 2021 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.