GLSA-201702-32 : Ruby Archive::Tar::Minitar: Directory traversal
Medium Nessus Plugin ID 97344
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201702-32 (Ruby Archive::Tar::Minitar: Directory traversal)
Michal Marek discovered that Ruby Archive::Tar::Minitar is vulnerable to directory traversal.
A remote attacker could entice a user or an automated system to process a specially crafted archive using Ruby Archive::Tar::Minitar, possibly allowing arbitrary files to be written with the privileges of the process.
There is no known workaround at this time.
Solution
All Ruby Archive::Tar::Minitar users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-ruby/archive-tar-minitar-0.6.1'
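
The description above concerns archive entries that cause files to be written outside the intended directory. As an added example (not Archive::Tar::Minitar code and not its fix), this Ruby code shows the lexical containment check an extractor can apply to each entry name before writing; `contained_target`, `unsafe_entries`, the `/srv/unpack` destination and the sample names are assumptions constructed for illustration.

```ruby
# Added example: lexical containment check for archive entry names.
# All names and paths here are hypothetical and constructed for illustration.

# Returns the absolute path an entry would be written to, or nil when the
# entry name would resolve outside dest_dir.
def contained_target(dest_dir, entry_name)
  root = File.expand_path(dest_dir)

  # Archive member names should be relative; reject absolute names and
  # embedded NUL bytes outright.
  return nil if entry_name.start_with?("/") || entry_name.include?("\0")

  # Join first so a leading "~" in the entry name stays literal instead of
  # being expanded to a home directory, then collapse "." and "..".
  target = File.expand_path(File.join(root, entry_name))

  # Compare against root plus a separator so a sibling such as
  # "/srv/unpack-evil" does not pass as being inside "/srv/unpack".
  return target if target == root || target.start_with?(root + File::SEPARATOR)

  nil
end

# Returns the entry names that must not be extracted into dest_dir.
def unsafe_entries(dest_dir, names)
  names.reject { |name| contained_target(dest_dir, name) }
end

# Constructed sample entry names, as a tar reader might yield them.
SAMPLE_NAMES = [
  "docs/readme.txt",          # ordinary relative entry
  "./a/../b.txt",             # ".." that stays inside the destination
  "../../etc/cron.d/job",     # climbs out of the destination
  "a/../../unpack-evil/x",    # lands in a sibling with the same prefix
  "/etc/passwd",              # absolute name
  "~root/x"                   # literal "~" directory, stays inside
].freeze

if __FILE__ == $PROGRAM_NAME
  unsafe_entries("/srv/unpack", SAMPLE_NAMES).each do |name|
    puts "refusing to extract: #{name}"
  end
end
```

The check is purely lexical: it does not follow symbolic links that already exist in the destination or that the archive itself creates, so an extractor also has to handle link entries separately.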