Ruby Archive::Tar::Minitar: Directory traversal

Ruby Archive::Tar::Minitar: Directory traversal Ruby Archive::Tar::Minitar is vulnerable to a directory traversal attack. archive-tar-minitar 2017-02-22 2017-02-22 607110 remote 0.6.1 0.6.1

Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files.

Michal Marek discovered that Ruby Archive::Tar::Minitar is vulnerable to a directory traversal vulnerability.

A remote attacker could entice a user or an automated system to process a specially crafted archive using Ruby Archive::Tar::Minitar possibly allowing the writing of arbitrary files with the privileges of the process.

There is no known workaround at this time.

All Ruby Archive::Tar::Minitar users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=dev-ruby/archive-tar-minitar-0.6.1"

CVE-2016-10173 whissi whissi