Updated ruby-archive-tar-minitar packages fix security vulnerability
Publication date: 20 Feb 2017Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10173
Description
Directory traversal vulnerability in the minitar before 0.6 and
archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write
to arbitrary files via a .. (dot dot) in a TAR archive entry.
(CVE-2016-10173)
Moreover the updated packages replace deprecated require_gem by gem to
make minitar work.
References
SRPMS
5/core
- ruby-archive-tar-minitar-0.5.2-14.2.mga5