Debian Security Advisory 3801-1

Debian Security Advisory 3801-1: Posted Mar 6, 2017; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3801-1 - It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.; tags | advisory, arbitrary, ruby; systems | linux, debian; advisories | CVE-2017-5946; SHA-256 | 9f36d7b357a0a398e6e14674d0b70cfae90446d79497edae3a7c3e8ea1dcb14b; Download | Favorite | View

Debian Security Advisory 3801-1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3801-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 04, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-zip
CVE ID         : CVE-2017-5946
Debian Bug     : 856269

It was discovered that ruby-zip, a Ruby module for reading and writing
zip files, is prone to a directory traversal vulnerability. An attacker
can take advantage of this flaw to overwrite arbitrary files during
archive extraction via a .. (dot dot) in an extracted filename.

For the stable distribution (jessie), this problem has been fixed in
version 1.1.6-1+deb8u1.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 1.2.0-1.1.

For the unstable distribution (sid), this problem has been fixed in
version 1.2.0-1.1.

We recommend that you upgrade your ruby-zip packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAli6x/BfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Tbiw//djZwJd/q9cYXcVQEIk3TDRYIPPkboOWWvJw45KpaHISs4vsSdqwte0LG
xvA1ArNqJiH9ntCtF+vOWix6cuJTJdIWNDCaPxCK5+4VDdtjCR2YVQKteTnVTQWQ
kwp8VYkfD/CrbCHg7qgDksoAh38rW90py9hMfBp/wbxkI+dESlNgR8N9bLNj8vHN
mXCKvGxbeYcZ4KfPJ/PF23DxgchTzeWYOHq3DGINv4CHtBtD2n2v0B1+d6W5kFJS
tVXGL6AhpfFLFAA0/F/O4tEn6svGyB496VKYaNa21OPOl4Dv048XdpydT+DtqbIN
aYWbW6DeDBnqiFpxHV+rcZw1cLHiJmFz0pWTnTVmeIqGLugS/iSmLOeJAhP7cs0B
e94rw2mEa9jQDsuypiq46MU1boLHcxc7ghm0TnHdUFVcTLf5m5T81dyBFWXtwWQL
KpOW4t9BWqIhag5ObI2zQu4ZjP3ZspbG7TqS42LQitS5JodjHmxlaGZ5r84NuAtp
5ZXDlMGlsuCACQzpxwpMNWIOWMz57KoyeE45B7XI6BdBcet2YYWkHiueHF4hvboy
jDtdlhqORTPWxRFGd9MLHGB/ltdzjudR4JMLPtG+ZSOt64wqEWydHj8jrBfYNFG7
Nq8X1LSg2tkRXSjjFbOfuGUnmRr3EyGqegv+Rweq6OseL2IxmZU=
=X+6h
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 175 files
Ubuntu 51 files
Debian 24 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 3801-1

Debian Security Advisory 3801-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3801-1

Share This

Debian Security Advisory 3801-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems