MGASA-2017-0060

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0060.html

Import Source

https://advisories.mageia.org/MGASA-2017-0060.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0060

Related

CVE-2016-10173

Published

2017-02-20T22:19:20Z

Modified

2017-02-20T22:09:06Z

Summary

Updated ruby-archive-tar-minitar packages fix security vulnerability

Details

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. (CVE-2016-10173)

Moreover the updated packages replace deprecated require_gem by gem to make minitar work.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / ruby-archive-tar-minitar

Package

Name: ruby-archive-tar-minitar
Purl: pkg:rpm/mageia/ruby-archive-tar-minitar?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.5.2-14.2.mga5

Ecosystem specific

{
    "section": "core"
}