Updated ruby-sprockets packages fix CVE-2014-7819
Publication date: 19 Feb 2015
Modification date: 19 Feb 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-7819
Description
Updated ruby-sprockets packages fix security vulnerabilities:
Multiple directory traversal vulnerabilities in server.rb in Sprockets 2.12.x
before 2.12.3 allow remote attackers to determine the existence of files
outside the application root via a ../ (dot dot slash) sequence with double
slashes or URL encoding (CVE-2014-7819).
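The check this class of bug calls for, as an added example that is not Sprockets code or part of the advisory: decode the request path first, then resolve it and confine it to the asset root. ASSET_ROOT, the function names and the sample paths are assumptions constructed for illustration; naive_forbidden? is a hypothetical filter that looks only at the raw path.

```ruby
# Hypothetical asset root, constructed for this example.
ASSET_ROOT = "/srv/app/assets"

# Hypothetical naive filter: it inspects the raw request path, so a
# percent-encoded "../" never matches the literal test.
def naive_forbidden?(raw_path)
  raw_path.include?("../")
end

# Decode %XX escapes once, working on bytes so any value is accepted.
def percent_decode(raw)
  raw.b.gsub(/%([0-9A-Fa-f]{2})/) { [$1.hex].pack("C") }
end

# Return the absolute path of the requested asset, or nil when the
# request would resolve outside the root. Does not touch the filesystem.
def resolve_asset(raw_path, root = ASSET_ROOT)
  root = File.expand_path(root)
  decoded = percent_decode(raw_path)
  return nil if decoded.include?("\0")      # reject embedded NUL bytes
  relative = decoded.sub(%r{\A/+}, "")      # never treat input as absolute
  # expand_path collapses "//" and resolves ".." segments lexically.
  full = File.expand_path(File.join(root, relative))
  # Compare against root plus a separator so a sibling directory such as
  # "/srv/app/assets-private" does not pass as a prefix match.
  inside = full == root || full.start_with?(root + "/")
  inside ? full : nil
end

# Constructed sample request paths.
SAMPLES = [
  "application.js",
  "css/../application.js",
  "%2e%2e/%2e%2e/config/secrets.yml",
  "img//..//..//..//config/database.yml",
  "../assets-private/key.pem"
].freeze

SAMPLES.each do |path|
  result = resolve_asset(path)
  puts format("%-40s naive_blocked=%-5s resolved=%s",
              path, naive_forbidden?(path), result.inspect)
end
```

Because the confinement test runs on the resolved path, the encoded and double-slash forms are rejected without listing them one by one.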
References
SRPMS
4/core
- ruby-sprockets-2.10.0-4.1.mga4