openSUSE Security Update : ruby (openSUSE-SU-2012:0228-1)

High Nessus Plugin ID 76015


The remote openSUSE host is missing a security update.


This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes, which are fully compatible with the previous version. You can review the detailed list here :

The particularly noteworthy fixes are :

- Hash functions are now using a randomized seed to avoid algorithmic complexity attacks (CVE-2011-4815). For this OpenSSL::Random.seed at the SecureRandom.random_bytes is used if available.

- mkconfig.rb: fix for continued lines.

- Fix Infinity to be greater than any bignum number.

- initialize store->

- some IPv6 related fixes

- zlib fixes

- reinitialize PRNG when forking children (CVE-2011-2686/CVE-2011-3009)

- securerandom fixes (CVE-2011-2705)

- uri route_to fixes

- fix race condition with variables and autoload


Update the affected ruby packages.

See Also

Plugin Details

Severity: High

ID: 76015

File Name: suse_11_4_ruby-120117.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ruby, p-cpe:/a:novell:opensuse:ruby-debuginfo, p-cpe:/a:novell:opensuse:ruby-debugsource, p-cpe:/a:novell:opensuse:ruby-devel, p-cpe:/a:novell:opensuse:ruby-doc-html, p-cpe:/a:novell:opensuse:ruby-doc-ri, p-cpe:/a:novell:opensuse:ruby-examples, p-cpe:/a:novell:opensuse:ruby-test-suite, p-cpe:/a:novell:opensuse:ruby-tk, p-cpe:/a:novell:opensuse:ruby-tk-debuginfo, cpe:/o:novell:opensuse:11.4

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2012/01/17

Reference Information

CVE: CVE-2011-2686, CVE-2011-2705, CVE-2011-3009, CVE-2011-4815

OSVDB: 74647, 74841, 78118