Description
Security update for rubygem-archive-tar-minitar
This update for rubygem-archive-tar-minitar fixes one security issue:
- CVE-2016-10173: Archives with files containing '..' in the extracted filename could have been used to overwrite arbitrary files (bsc#1021740).
Package list
SUSE Linux Enterprise Module for Containers 12
ruby2.1-rubygem-archive-tar-minitar-0.5.2-7.3.65
Links
- Link for SUSE-SU-2021:0115-1
- E-Mail link for SUSE-SU-2021:0115-1
- SUSE Security Ratings
- SUSE Bug 1021740
- SUSE CVE CVE-2016-10173 page
Description
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
Affected products
SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-archive-tar-minitar-0.5.2-7.3.65
Links
- CVE-2016-10173
- SUSE Bug 1021740
- SUSE Bug 1096174
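
The '..' handling named in the CVE description above, as an added Ruby example (not minitar's or SUSE's code): a lexical check an extractor can run on each entry name before writing anything. `safe_extract_path`, `audit_entries`, the `/srv/out` destination and the sample names are hypothetical and constructed for illustration.

```ruby
require "pathname"

# Added example, not minitar's code. Lexical check for one archive entry name.
# Returns the absolute path the entry would be written to, or nil to reject it.
def safe_extract_path(dest_dir, entry_name)
  dest = Pathname.new(File.expand_path(dest_dir))
  name = entry_name.to_s
  return nil if name.empty? || name.include?("\0")
  return nil if Pathname.new(name).absolute?
  # Policy assumed here: refuse any '..' path segment, even one that would
  # resolve inside dest. Compare whole segments so "..hidden" is still allowed.
  return nil if name.split("/").include?("..")

  # Defense in depth: normalise and confirm the result is still under dest.
  target = dest.join(name).cleanpath
  return nil if target.relative_path_from(dest).each_filename.first == ".."
  target.to_s
end

# Names from an archive listing that must not be extracted.
def audit_entries(dest_dir, names)
  names.reject { |n| safe_extract_path(dest_dir, n) }
end

# Constructed sample entry names (not taken from any real archive).
SAMPLE_NAMES = [
  "docs/readme.txt",
  "../outside.txt",
  "a/../../b",
  "/tmp/abs.txt",
  "./lib/x.rb",
  "lib/..hidden/file"
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_entries("/srv/out", SAMPLE_NAMES).each { |n| puts "rejected: #{n}" }
end
```

The check is purely lexical: it does not follow symlinks, so an extractor also has to handle link entries and symlinks already present under the destination.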