CVE-2011-2705

Priority
Description
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby
before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for
initialization, which makes it easier for context-dependent attackers to
predict the result string by leveraging knowledge of random strings
obtained in an earlier process with the same PID.
Package
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Package
Upstream: released (1.9.2.290-2)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected
More Information

Updated: 2019-03-19 11:59:13 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)