Bugtraq: [SECURITY] [DSA 3801-1] ruby-zip security update

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3801-1        security (at) debian (dot) org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 04, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-zip
CVE ID         : CVE-2017-5946
Debian Bug     : 856269

It was discovered that ruby-zip, a Ruby module for reading and writing
zip files, is prone to a directory traversal vulnerability. An attacker
can take advantage of this flaw to overwrite arbitrary files during
archive extraction via a .. (dot dot) in an extracted filename.

For the stable distribution (jessie), this problem has been fixed in
version 1.1.6-1+deb8u1.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 1.2.0-1.1.

For the unstable distribution (sid), this problem has been fixed in
version 1.2.0-1.1.

We recommend that you upgrade your ruby-zip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org


Source: SecurityFocus Vulnerabilities @ March 6, 2017 at 02:17AM
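
The advisory above describes entry names containing .. escaping the extraction directory. The following is an added example, not part of the advisory and not ruby-zip's own code: a lexical containment check an application can apply to each entry name before writing it. The names safe_extract_path, audit_entries and UnsafeEntryError are hypothetical, the sample entry names are constructed, and the check assumes the destination directory contains no symlinks.

```ruby
# Added example: lexical containment check for archive entry names.
class UnsafeEntryError < StandardError; end

# Return the absolute path an entry would be written to under dest_dir,
# or raise UnsafeEntryError if that path falls outside dest_dir.
def safe_extract_path(dest_dir, entry_name)
  root = File.expand_path(dest_dir)
  # Treat "\" like "/" so both separator styles are checked the same way.
  name = entry_name.tr("\\", "/")
  if name.empty? || name.include?("\0")
    raise UnsafeEntryError, "empty name or NUL byte: #{entry_name.inspect}"
  end
  if name.start_with?("/") || name.match?(/\A[A-Za-z]:/)
    raise UnsafeEntryError, "absolute name: #{entry_name.inspect}"
  end
  # Join first so a leading "~" is never expanded; expand_path then
  # collapses "." and ".." without touching the filesystem.
  target = File.expand_path(File.join(root, name))
  # Compare against root plus separator so /tmp/extract2 does not pass
  # as being inside /tmp/extract.
  unless target.start_with?(root + File::SEPARATOR)
    raise UnsafeEntryError, "escapes #{root}: #{entry_name.inspect}"
  end
  target
end

# Split names into [accepted, rejected] for a given destination.
def audit_entries(dest_dir, names)
  names.partition do |n|
    begin
      safe_extract_path(dest_dir, n)
      true
    rescue UnsafeEntryError
      false
    end
  end
end

# Constructed sample names, not taken from a real archive.
SAMPLE_ENTRIES = [
  "docs/readme.txt",
  "docs/../notes.txt",         # ".." that still resolves inside
  "../../outside.txt",         # dot-dot escape
  "a/b/../../../outside.txt",  # escape behind nested directories
  "../extract2/file.txt",      # sibling directory sharing a prefix
  "/abs/file.txt",             # absolute name
  "..\\..\\outside.txt",       # backslash-separated variant
].freeze
```

Calling audit_entries("/tmp/extract", SAMPLE_ENTRIES) accepts only the first two names; upgrading to the fixed package versions listed in the advisory remains the actual remedy.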
