CVE-2011-2686

NameCVE-2011-2686
DescriptionRuby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-88-1
NVD severitymedium (attack range: remote)
Debian Bugs635878

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby1.8source(unstable)1.8.7.352-1low635878
ruby1.8sourcesqueeze1.8.7.302-2squeeze3mediumDLA-88-1

Search for package or bug name: Reporting problems