[SECURITY] [DLA 846-1] libzip-ruby security update



Package        : libzip-ruby
Version        : 0.9.4-1+deb7u1
CVE ID         : CVE-2017-5946
Debian Bug     : 856269

It was discovered that libzip-ruby, a Ruby module for reading and
writing zip files, is prone to a directory traversal vulnerability. An
attacker can take advantage of this flaw to overwrite arbitrary files
during archive extraction via a .. (dot dot) in an extracted filename.

For Debian 7 "Wheezy", this problem has been fixed in version
0.9.4-1+deb7u1.

We recommend that you upgrade your libzip-ruby packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
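
For code that extracts archives itself, the following added example (not part
of the advisory and not code from libzip-ruby) shows the kind of check that
stops a ".." entry name from leaving the extraction directory. The names
safe_destination, audit_entries, UnsafeEntryError and the sample entry names
are assumptions made for illustration.

```ruby
class UnsafeEntryError < StandardError; end

# Map an archive entry name to an absolute path under dest_dir, or raise
# UnsafeEntryError if the name would resolve outside it. The check is
# lexical only: symlinks already present under dest_dir are not resolved.
def safe_destination(dest_dir, entry_name)
  root = File.expand_path(dest_dir)
  prefix = root.end_with?('/') ? root : root + '/'
  # Zip names use "/"; treat "\" the same so "..\x" cannot slip through.
  name = entry_name.tr('\\', '/')
  if name.empty? || name.include?("\0")
    raise UnsafeEntryError, "empty name or NUL byte: #{entry_name.inspect}"
  end
  if name.start_with?('/') || name.match?(/\A[A-Za-z]:/)
    raise UnsafeEntryError, "absolute path: #{entry_name.inspect}"
  end
  # Join before expanding so a leading "~" stays a literal directory name.
  target = File.expand_path(File.join(root, name))
  # Compare against root plus separator, so a sibling directory such as
  # "<root>-evil" does not pass a plain prefix match.
  unless target == root || target.start_with?(prefix)
    raise UnsafeEntryError, "escapes #{root}: #{entry_name.inspect}"
  end
  target
end

# Split entry names into resolved safe targets and rejected names.
def audit_entries(dest_dir, names)
  names.each_with_object({ ok: [], rejected: [] }) do |name, acc|
    begin
      acc[:ok] << safe_destination(dest_dir, name)
    rescue UnsafeEntryError
      acc[:rejected] << name
    end
  end
end

# Constructed sample entry names, not taken from a real archive.
SAMPLE_NAMES = [
  'docs/readme.txt',          # ordinary entry
  'a/../b.txt',               # ".." that stays inside the directory
  '../../etc/cron.d/job',     # climbs out of the directory
  'docs/../../outside.txt',   # climbs out after descending
  '/etc/passwd',              # absolute path
  '..\\..\\boot.ini',         # backslash-separated traversal
  '../extract-demo-evil/x',   # sibling directory sharing the prefix
  '~/x'                       # "~" must not expand to a home directory
].freeze
```

Run the check on every entry before opening the output file, and treat a
rejected name as a reason to abort the extraction rather than skip the entry.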