Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ruby | Ruby-lang | * | 1.8.7-334 (including) |
Ruby | Ruby-lang | 1.8.7-p22 (including) | 1.8.7-p22 (including) |
Ruby | Ruby-lang | 1.8.7-p71 (including) | 1.8.7-p71 (including) |
Ruby | Ruby-lang | 1.8.7-p72 (including) | 1.8.7-p72 (including) |
Ruby | Ruby-lang | 1.8.7-160 (including) | 1.8.7-160 (including) |
Ruby | Ruby-lang | 1.8.7-173 (including) | 1.8.7-173 (including) |
Ruby | Ruby-lang | 1.8.7-248 (including) | 1.8.7-248 (including) |
Ruby | Ruby-lang | 1.8.7-249 (including) | 1.8.7-249 (including) |
Ruby | Ruby-lang | 1.8.7-299 (including) | 1.8.7-299 (including) |
Ruby | Ruby-lang | 1.8.7-302 (including) | 1.8.7-302 (including) |
Ruby | Ruby-lang | 1.8.7-330 (including) | 1.8.7-330 (including) |
Ruby | Ruby-lang | 1.8.7-p21 (including) | 1.8.7-p21 (including) |
Ruby1.8 | Ubuntu | hardy | * |
Ruby1.8 | Ubuntu | lucid | * |
Ruby1.8 | Ubuntu | maverick | * |
Ruby1.8 | Ubuntu | natty | * |
Ruby1.8 | Ubuntu | upstream | * |