Description
Security update for rubygem-rubyzip
This update for rubygem-rubyzip fixes the following issues:
- CVE-2017-5946: A directory traversal vulnerability could allow files outside of the restricted directory to be accessed and overwritten (boo#1027050)
Package list
openSUSE Leap 42.2
ruby2.1-rubygem-rubyzip-1.1.7-8.1
ruby2.1-rubygem-rubyzip-doc-1.1.7-8.1
ruby2.1-rubygem-rubyzip-testsuite-1.1.7-8.1
ruby2.2-rubygem-rubyzip-1.1.7-8.1
ruby2.2-rubygem-rubyzip-doc-1.1.7-8.1
ruby2.2-rubygem-rubyzip-testsuite-1.1.7-8.1
ruby2.3-rubygem-rubyzip-1.1.7-8.1
ruby2.3-rubygem-rubyzip-doc-1.1.7-8.1
ruby2.3-rubygem-rubyzip-testsuite-1.1.7-8.1
ruby2.4-rubygem-rubyzip-1.1.7-8.1
ruby2.4-rubygem-rubyzip-doc-1.1.7-8.1
ruby2.4-rubygem-rubyzip-testsuite-1.1.7-8.1
rubygem-rubyzip-1.1.7-8.1
openSUSE Leap 42.3
ruby2.1-rubygem-rubyzip-1.1.7-8.1
ruby2.1-rubygem-rubyzip-doc-1.1.7-8.1
ruby2.1-rubygem-rubyzip-testsuite-1.1.7-8.1
ruby2.2-rubygem-rubyzip-1.1.7-8.1
ruby2.2-rubygem-rubyzip-doc-1.1.7-8.1
ruby2.2-rubygem-rubyzip-testsuite-1.1.7-8.1
ruby2.3-rubygem-rubyzip-1.1.7-8.1
ruby2.3-rubygem-rubyzip-doc-1.1.7-8.1
ruby2.3-rubygem-rubyzip-testsuite-1.1.7-8.1
ruby2.4-rubygem-rubyzip-1.1.7-8.1
ruby2.4-rubygem-rubyzip-doc-1.1.7-8.1
ruby2.4-rubygem-rubyzip-testsuite-1.1.7-8.1
rubygem-rubyzip-1.1.7-8.1
References
- E-Mail link for openSUSE-SU-2017:2120-1
- SUSE Security Ratings
Description
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
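One way an application that extracts uploaded archives can reject the "../" entry names described above, as an added example (not rubyzip's own code or its fix). `safe_extract_path`, `audit_entries` and the sample names are hypothetical, and the check is lexical only: it does not resolve symlinks already present in the destination.

```ruby
# Added example, not rubyzip's code: lexical check that a zip entry name
# stays inside the extraction directory. All names here are hypothetical.
class UnsafeEntryError < StandardError; end

def safe_extract_path(dest_dir, entry_name)
  raise UnsafeEntryError, 'empty entry name' if entry_name.nil? || entry_name.empty?
  raise UnsafeEntryError, 'NUL byte in entry name' if entry_name.include?("\0")

  root = File.expand_path(dest_dir)
  # Treat "\" as a separator too, so "..\" segments are caught on any platform.
  name = entry_name.tr('\\', '/')
  raise UnsafeEntryError, "absolute path: #{entry_name}" if name.start_with?('/')

  # Join first so a leading "~" stays literal, then collapse "." and "..".
  target = File.expand_path(File.join(root, name))
  # Compare against root plus a separator: "/srv/uploads_evil" must not
  # pass as being inside "/srv/uploads".
  prefix = root.end_with?('/') ? root : root + '/'
  raise UnsafeEntryError, "escapes #{root}: #{entry_name}" unless target.start_with?(prefix)

  target
end

# Map each entry name to its resolved path, or :rejected if it is unsafe.
def audit_entries(dest_dir, names)
  names.map do |n|
    begin
      [n, safe_extract_path(dest_dir, n)]
    rescue UnsafeEntryError
      [n, :rejected]
    end
  end.to_h
end

# Constructed sample entry names, as they might appear in an uploaded archive.
SAMPLE_ENTRIES = [
  'docs/readme.txt',
  'a/../b.txt',
  '../../etc/cron.d/job',
  '/etc/passwd',
  'a/../../uploads_evil/x',
  "..\\..\\etc\\x"
].freeze

audit_entries('/srv/uploads', SAMPLE_ENTRIES).each do |name, result|
  puts "#{name.inspect} => #{result.inspect}"
end
```

Run the check on every entry before writing anything to disk, and reject the whole archive if any entry fails.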
Affected products
openSUSE Leap 42.2:ruby2.1-rubygem-rubyzip-1.1.7-8.1
openSUSE Leap 42.2:ruby2.1-rubygem-rubyzip-doc-1.1.7-8.1
openSUSE Leap 42.2:ruby2.1-rubygem-rubyzip-testsuite-1.1.7-8.1
openSUSE Leap 42.2:ruby2.2-rubygem-rubyzip-1.1.7-8.1
References
- CVE-2017-5946
- SUSE Bug 1027050
- SUSE Bug 1096174