openSUSE-SU-2017:0429-1

Опубликовано: 09 фев. 2017

Источник: suse-cvrf

Описание

Security update for rubygem-minitar

This update for rubygem-minitar fixes the following issues:

CVE-2016-10173: Fixed a directory traversal vulnerability in rubygem-minitar, rubygem-archive-tar-minitar. (boo#1021740)

Список пакетов

openSUSE Leap 42.2

ruby2.1-rubygem-minitar-0.5.4-3.1

ruby2.1-rubygem-minitar-doc-0.5.4-3.1

rubygem-minitar-0.5.4-3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-02/msg00047.html
E-Mail link for openSUSE-SU-2017:0429-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.

Затронутые продукты

openSUSE Leap 42.2:ruby2.1-rubygem-minitar-0.5.4-3.1

openSUSE Leap 42.2:ruby2.1-rubygem-minitar-doc-0.5.4-3.1

openSUSE Leap 42.2:rubygem-minitar-0.5.4-3.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-10173.html
CVE-2016-10173
https://bugzilla.suse.com/1021740
SUSE Bug 1021740
https://bugzilla.suse.com/1096174
SUSE Bug 1096174

openSUSE-SU-2017:0429-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-10173

Описание

Затронутые продукты

Ссылки