CVE-2011-2686

Priority
Description
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which
makes it easier for context-dependent attackers to predict the values of
random numbers by leveraging knowledge of the number sequence obtained in a
different child process, a related issue to CVE-2003-0900. NOTE: this
issue exists because of a regression during Ruby 1.8.6 development.
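
A regression check for the behaviour described above, as an added example that is not taken from this tracker entry or from the upstream bug report: it forks several children, collects the first values each draws from `Kernel#rand`, and reports whether any two children produced the same sequence. The helper names `child_sequences` and `fork_reseeds?` are hypothetical, and the optional `srand` call in the child is shown as an application-level workaround for interpreters that lack the fix.

```ruby
# Added example (not from the tracker entry or upstream bug report).
# Each forked child draws a few values from Kernel#rand and sends them
# back over a pipe; identical rows mean the PRNG state was inherited
# unchanged across fork, which is the behaviour this CVE describes.

# Fork `children` processes and return each child's first `draws` values.
# When reseed is true the child calls Kernel#srand before drawing, the
# application-level workaround for interpreters without the fix.
def child_sequences(children, draws = 4, reseed = false)
  rand # advance the parent generator so it holds state before forking
  (1..children).map do
    reader, writer = IO.pipe
    pid = fork do
      reader.close
      srand if reseed
      writer.puts((1..draws).map { rand(1_000_000_000) }.join(","))
      writer.close
      exit!(0) # skip at_exit handlers inherited from the parent
    end
    writer.close
    line = reader.read.to_s.strip
    reader.close
    Process.wait(pid)
    line.split(",").map { |v| v.to_i }
  end
end

# True when no two children produced the same sequence.
def fork_reseeds?(sequences)
  sequences.uniq.length == sequences.length
end

if __FILE__ == $0
  plain = child_sequences(3)
  puts "children share a random sequence: #{!fork_reseeds?(plain)}"
  fixed = child_sequences(3, 4, true)
  puts "still shared after srand in child: #{!fork_reseeds?(fixed)}"
end
```

On an interpreter that resets the seed on fork, both lines report `false`.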
Notes
 jdstrand> ruby1.8 only
 tyhicks> Simple test case in upstream bug's description
Assigned-to
tyhicks
Package
Upstream: released (1.8.7.352-2)
Patches:
Upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713

Updated: 2019-03-19 11:59:10 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)