CVE-2016-10173

Related Files

Gentoo Linux Security Advisory 201702-32

Posted Feb 23, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-32 - Ruby Archive::Tar::Minitar is vulnerable to a directory traversal attack. Versions prior to 0.6.1 are affected.

tags | advisory, ruby

systems | linux, gentoo

advisories | CVE-2016-10173

SHA-256 | 157e690b127e197b5e2dc69bc809ae8b72ef330c005521c03a4cf6eaf39f4814

Download | Favorite | View

Debian Security Advisory 3778-1

Posted Feb 1, 2017

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3778-1 - Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

tags | advisory, arbitrary, ruby

systems | linux, debian, osx

advisories | CVE-2016-10173

SHA-256 | c28a74b1d780091d7e74cf192097bf7172364ae67c4a0e3192e81a82c7b905b9

Download | Favorite | View