|
|
Subscribe / Log in / New account

ruby-archive-tar-minitar: file overwrites

Package(s):ruby-archive-tar-minitar CVE #(s):CVE-2016-10173
Created:January 31, 2017 Updated:February 22, 2017
Description: From the Debian LTS advisory:

It has been found that rubygem archive-tar-minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

Alerts:
Gentoo 201702-32 archive-tar-minitar 2017-02-22
Mageia MGASA-2017-0060 ruby-archive-tar-minitar 2017-02-20
openSUSE openSUSE-SU-2017:0429-1 rubygem-minitar 2017-02-09
Debian DSA-3778-1 ruby-archive-tar-minitar 2017-01-31
Debian-LTS DLA-808-1 ruby-archive-tar-minitar 2017-01-30
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds