openSUSE Security Update : ruby (openSUSE-SU-2012:0228-1)
High Nessus Plugin ID 76015
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes, which are fully compatible with the previous version. You can review the detailed list here :
The particularly noteworthy fixes are :
- Hash functions are now using a randomized seed to avoid algorithmic complexity attacks (CVE-2011-4815). For this OpenSSL::Random.seed at the SecureRandom.random_bytes is used if available.
- mkconfig.rb: fix for continued lines.
- Fix Infinity to be greater than any bignum number.
- initialize store->ex_data.sk.
- some IPv6 related fixes
- zlib fixes
- reinitialize PRNG when forking children (CVE-2011-2686/CVE-2011-3009)
- securerandom fixes (CVE-2011-2705)
- uri route_to fixes
- fix race condition with variables and autoload
SolutionUpdate the affected ruby packages.