Advisories ยป MGASA-2015-0074

Updated ruby-sprockets packages fix CVE-2014-7819

Publication date: 19 Feb 2015
Modification date: 19 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-7819

Description

Updated ruby-sprockets packages fix security vulnerabilities:

Multiple directory traversal vulnerabilities in server.rb in Sprockets 2.12.x
before 2.12.3, allow remote attackers to determine the existence of files
outside the application root via a ../ (dot dot slash) sequence with double
slashes or URL encoding (CVE-2014-7819).
                

References

SRPMS

4/core