
[SECURITY] [DLA 808-1] ruby-archive-tar-minitar security update




Package        : ruby-archive-tar-minitar
Version        : 0.5.2-2+deb7u1
CVE ID         : CVE-2016-10173
Debian Bug     : 853249


It has been found that the archive-tar-minitar Ruby gem allows attackers
to overwrite arbitrary files during archive extraction via a .. (dot dot)
sequence in an extracted filename.

For Debian 7 "Wheezy", this problem has been fixed in version
0.5.2-2+deb7u1.

We recommend that you upgrade your ruby-archive-tar-minitar packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
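The kind of check that closes this class of bug, as an added example: it is not taken from the advisory, the gem or the Debian patch. It uses Ruby's bundled `Gem::Package` tar reader in place of minitar, and the helper names (`safe_destination`, `extract_checked`, `sample_tar`, `demo`) and the sample archive are constructed for illustration.

```ruby
require 'rubygems/package' # stdlib tar reader/writer, standing in for minitar
require 'stringio'
require 'tmpdir'
require 'fileutils'

# Resolve entry_name under dest_dir; return nil when the result would land outside it.
def safe_destination(dest_dir, entry_name)
  root   = File.expand_path(dest_dir)
  target = File.expand_path(entry_name, root) # collapses "." and ".." segments
  return nil if entry_name.start_with?('/')   # absolute names ignore dest_dir
  # Match on root plus separator so a sibling such as "out-evil" does not pass for "out".
  target.start_with?(root + File::SEPARATOR) ? target : nil
end

# Extract regular files only; returns [extracted_names, rejected_names].
def extract_checked(tar_io, dest_dir)
  extracted, rejected = [], []
  Gem::Package::TarReader.new(tar_io) do |tar|
    tar.each do |entry|
      next unless entry.file?
      path = safe_destination(dest_dir, entry.full_name)
      if path
        FileUtils.mkdir_p(File.dirname(path))
        File.binwrite(path, entry.read.to_s)
        extracted << entry.full_name
      else
        rejected << entry.full_name
      end
    end
  end
  [extracted, rejected]
end

# Constructed sample archive: one benign entry and two ".." traversal names.
def sample_tar
  io = StringIO.new(''.b)
  Gem::Package::TarWriter.new(io) do |tar|
    ['docs/readme.txt', '../escaped.txt', 'docs/../../escaped2.txt'].each do |name|
      tar.add_file_simple(name, 0o644, 4) { |f| f.write('data') }
    end
  end
  io.tap(&:rewind)
end

# Extract into <tmp>/out and also report what exists beside it afterwards.
def demo
  Dir.mktmpdir do |parent|
    extract_checked(sample_tar, File.join(parent, 'out')) + [Dir.children(parent).sort]
  end
end
```

The check is lexical and does not resolve symlinks already present under the destination, which is why only regular-file entries are written.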

