
openSUSE-SU-2018:1908-1

Published: 06 Jul 2018
Source: suse-cvrf

Description

Security update for rubygem-yard

This update for rubygem-yard fixes the following issues:

  • CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files (bsc#1070263).

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Package list

openSUSE Leap 42.3
ruby2.1-rubygem-yard-0.8.7.3-8.3.1
ruby2.1-rubygem-yard-doc-0.8.7.3-8.3.1
ruby2.1-rubygem-yard-testsuite-0.8.7.3-8.3.1
ruby2.2-rubygem-yard-0.8.7.3-8.3.1
ruby2.2-rubygem-yard-doc-0.8.7.3-8.3.1
ruby2.2-rubygem-yard-testsuite-0.8.7.3-8.3.1
ruby2.3-rubygem-yard-0.8.7.3-8.3.1
ruby2.3-rubygem-yard-doc-0.8.7.3-8.3.1
ruby2.3-rubygem-yard-testsuite-0.8.7.3-8.3.1
ruby2.4-rubygem-yard-0.8.7.3-8.3.1
ruby2.4-rubygem-yard-doc-0.8.7.3-8.3.1
ruby2.4-rubygem-yard-testsuite-0.8.7.3-8.3.1
rubygem-yard-0.8.7.3-8.3.1

Description

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
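
The failure mode described above, shown as an added example that is not YARD's code or part of the advisory: a path cleaner that collapses inner `dir/..` pairs but keeps a leading `../`, beside a resolver that checks containment after resolution. `DOC_ROOT`, the method names and the sample requests are hypothetical and constructed for illustration.

```ruby
# Added illustration, not YARD's code. DOC_ROOT and all method names are hypothetical.
DOC_ROOT = "/srv/docs" # constructed document root

# Weak form: collapses "dir/.." pairs but keeps a leading "..",
# so the path joined onto DOC_ROOT can still climb out of it.
def weak_clean(rel)
  parts = []
  rel.split("/").each do |seg|
    next if seg.empty? || seg == "."
    if seg == ".." && !parts.empty? && parts.last != ".."
      parts.pop
    else
      parts << seg
    end
  end
  parts.join("/")
end

def weak_resolve(rel)
  File.expand_path(File.join(DOC_ROOT, weak_clean(rel)))
end

# Hardened form: resolve lexically to an absolute path, then require the
# result to be DOC_ROOT itself or a path below it. Comparing against
# root + "/" keeps a sibling such as /srv/docs-private from passing.
# Symlinks are not followed here; File.realpath would be needed for that.
def safe_resolve(rel)
  root = File.expand_path(DOC_ROOT)
  full = File.expand_path(File.join(root, rel))
  return nil unless full == root || full.start_with?(root + File::SEPARATOR)
  full
end

# Constructed sample requests.
if __FILE__ == $PROGRAM_NAME
  ["css/style.css", "a/../index.html", "../../outside.txt", "../docs-private/x"].each do |req|
    puts format("%-20s weak=%-28s safe=%s", req, weak_resolve(req), safe_resolve(req).inspect)
  end
end
```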


Affected products
openSUSE Leap 42.3:ruby2.1-rubygem-yard-0.8.7.3-8.3.1
openSUSE Leap 42.3:ruby2.1-rubygem-yard-doc-0.8.7.3-8.3.1
openSUSE Leap 42.3:ruby2.1-rubygem-yard-testsuite-0.8.7.3-8.3.1
openSUSE Leap 42.3:ruby2.2-rubygem-yard-0.8.7.3-8.3.1

References