Pardus: 2011-101: Ruby: Denial of Service

Posted by Benjamin D. Thomas

A vulnerability has been fixed in ruby, which can be used by local attacker to possibly cause denial of service.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-101           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-08-03
      Type: Local
------------------------------------------------------------------------

Summary
======
A vulnerability has been fixed in ruby, which  can  be  used  by  local
attacker to possibly cause denial of service.


Description
==========
CVE-2011-2686:

It was found that Ruby did not properly reinitialize the random  number
generator, when forking new Ruby process.


Affected packages:

  Pardus 2009:
    ruby, all before 1.8.7_p352-25-8
  Pardus 2011:
    ruby, all before 1.8.7_p352-26-p11


Resolution
=========
There are update(s) for ruby. You can update them via Package Manager or
with a single command from console:

  Pardus 2009:
    pisi up ruby

  Pardus 2011:
    pisi up ruby


References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id694

------------------------------------------------------------------------