
SUSE-SU-2018:1890-1

Published: 05 Jul 2018
Source: suse-cvrf

Description

Security update for rubygem-yard

This update for rubygem-yard fixes the following issues:

  • CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files (bsc#1070263).

Package list

SUSE Linux Enterprise Software Development Kit 12 SP3
ruby2.1-rubygem-yard-0.8.7.3-7.3.1

Description

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.


Affected products
SUSE Linux Enterprise Software Development Kit 12 SP3:ruby2.1-rubygem-yard-0.8.7.3-7.3.1

References