CVE-2011-4121

Priority
Description
The OpenSSL extension of Ruby (Git trunk), in versions after 2011-09-01 up to
2011-11-03, always generated an exponent value of '1' for private RSA key
generation. A remote attacker could use this flaw to bypass or corrupt the
integrity of services that depend on a strong private RSA key generation
mechanism.
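
An added example (not part of this tracker entry or of the Ruby project's code) for auditing RSA public keys for the exponent-1 condition described above. It reads the exponent straight from the key's ASN.1 and shows that with e = 1 textbook RSA returns the message unchanged; the function names and the toy modulus are assumptions of the example.

```ruby
require "openssl"

# Pull (n, e) out of a PEM RSA public key by walking the ASN.1 directly, so an
# abnormal exponent is reported here instead of depending on library checks.
def rsa_public_params(pem)
  body = pem.lines.reject { |l| l.start_with?("-----") }.join
  seq = OpenSSL::ASN1.decode(body.unpack1("m"))
  # SubjectPublicKeyInfo ("PUBLIC KEY") wraps the PKCS#1 RSAPublicKey in a BIT STRING.
  seq = OpenSSL::ASN1.decode(seq.value[1].value) if seq.value[0].is_a?(OpenSSL::ASN1::Sequence)
  seq.value.first(2).map { |int| int.value.to_i }
end

# Classify the public exponent. e == 1 is the condition described in CVE-2011-4121.
def audit_exponent(e)
  return :exponent_one if e == 1
  return :invalid if e < 3 || e.even? # e must be odd to be invertible mod phi(n)
  :ok
end

def audit_pem(pem)
  _n, e = rsa_public_params(pem)
  audit_exponent(e)
end

# Textbook RSA (no padding), used only to show what e == 1 does to the math.
def textbook_rsa(m, exp, n)
  m.pow(exp, n)
end

# Constructed sample: PKCS#1 "RSA PUBLIC KEY" PEM for a given (n, e).
def pkcs1_pem(n, e)
  ints = [n, e].map { |v| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(v.to_s)) }
  b64 = [OpenSSL::ASN1::Sequence.new(ints).to_der].pack("m")
  "-----BEGIN RSA PUBLIC KEY-----\n#{b64}-----END RSA PUBLIC KEY-----\n"
end

# Constructed toy modulus (product of two Mersenne primes), not a real key.
SAMPLE_N = (2**127 - 1) * (2**89 - 1)

if __FILE__ == $PROGRAM_NAME
  puts "e=1 key:     #{audit_pem(pkcs1_pem(SAMPLE_N, 1))}"
  puts "e=65537 key: #{audit_pem(pkcs1_pem(SAMPLE_N, 65_537))}"
  m = 0x68656c6c6f # the bytes of "hello" as an integer
  puts "ciphertext == plaintext with e=1: #{textbook_rsa(m, 1, SAMPLE_N) == m}"
end
```

Because e·d ≡ 1 (mod φ(n)) forces d = 1 when e = 1, the same identity applies to the private operation, so keys flagged `:exponent_one` need to be regenerated with a fixed build.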
Notes
jdstrand: ruby1.8 and ruby1.9 not affected. ruby1.9.1 only affected. This
seems to only be a problem in a pre-release version of ruby 1.9.4.0
introduced in http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33155
fix is http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33633
Package
Upstream: needs-triage

Updated: 2020-01-29 19:42:43 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)