Security - CVE-2017-5946
Bug #1669894 reported by Phillip Prescher
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libzip-ruby (Ubuntu) | Fix Released | Undecided | Unassigned |
ruby-zip (Ubuntu) | Fix Released | Undecided | Unassigned |
Xenial | Incomplete | Undecided | Unassigned |
Yakkety | Incomplete | Undecided | Unassigned |
Zesty | Fix Released | Undecided | Unassigned |
Bug Description
This version of rubyzip is vulnerable to directory traversal attacks. Please see CVE-2017-5946.
It needs to be upgraded to version 1.2.1. It is currently on version 1.1.7.
CVE References
Thanks for the report, Phillip. We are aware of this issue and are tracking it here:
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5946.html
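
For releases where the fixed package is not yet available, an application that unpacks archives can check each entry name for directory traversal before writing it. The following is an added example, not code from rubyzip, Ubuntu, or this bug report; `DEST`, `SAMPLE_ENTRIES`, `safe_target` and `partition_entries` are hypothetical names, and the entry names are constructed.

```ruby
require "pathname"

# Constructed sample values: extraction root and entry names as they might
# appear in an uploaded archive.
DEST = "/srv/uploads/unpacked"
SAMPLE_ENTRIES = [
  "readme.txt",
  "docs/../notes.txt",        # stays inside DEST after normalisation
  "../../etc/cron.d/job",     # climbs out with ".." segments
  "/etc/passwd",              # absolute path ignores DEST entirely
  "..\\..\\boot.ini",         # backslash separators
  "../unpacked-evil/x"        # sibling directory sharing DEST as a prefix
]

# Returns the absolute path an entry would be written to, or nil when that
# path is not strictly inside dest_dir. Purely lexical: it does not resolve
# symlinks that already exist under dest_dir.
def safe_target(dest_dir, entry_name)
  return nil if entry_name.nil? || entry_name.empty? || entry_name.include?("\0")
  root = Pathname.new(File.expand_path(dest_dir))
  # Treat "\" as a separator so Windows-style names are checked the same way.
  target = root.join(entry_name.tr("\\", "/")).cleanpath.to_s
  # Compare against root plus a separator, otherwise
  # "/srv/uploads/unpacked-evil" would pass a plain prefix test.
  target.start_with?(root.to_s + "/") ? target : nil
end

# Splits entry names into [accepted, rejected] for a given destination.
def partition_entries(dest_dir, names)
  names.partition { |name| safe_target(dest_dir, name) }
end

if __FILE__ == $PROGRAM_NAME
  accepted, rejected = partition_entries(DEST, SAMPLE_ENTRIES)
  accepted.each { |n| puts "extract #{n} -> #{safe_target(DEST, n)}" }
  rejected.each { |n| puts "reject  #{n}" }
end
```

Rejecting the whole archive when any entry fails the check is the conservative choice for upload handlers.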