
34 matches found

OPENSUSE Linux
added 2026/03/17 12:0 a.m. | 1 view

ruby4.0-rubygem-minitar-0.9-1.21 on GA media (moderate)

ruby4.0-rubygem-minitar-0.9-1.21 on GA media. Announcement ID: openSUSE-SU-2026:10354-1. Rating: moderate. Cross-References: CVE-2016-10173. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVSS 7.5 | AI score 5.8 | EPSS 0.02922
Exploits: 1

OSV
added 2026/03/13 12:0 a.m. | 0 views

OPENSUSE-SU-2026:10354-1 ruby4.0-rubygem-minitar-0.9-1.21 on GA media

These are all security issues fixed in the ruby4.0-rubygem-minitar-0.9-1.21 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 5.8 | EPSS 0.02922
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-0246

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.02922
Exploits: 1 | References: 15

OSV
added 2024/07/12 12:0 a.m. | 7 views

OPENSUSE-SU-2024:14172-1 ruby3.3-rubygem-minitar-0.9-1.17 on GA media

These are all security issues fixed in the ruby3.3-rubygem-minitar-0.9-1.17 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.5 | EPSS 0.02922
Exploits: 1 | References: 1

OSV
added 2024/06/15 12:0 a.m. | 13 views

OPENSUSE-SU-2024:13163-1 ruby3.2-rubygem-minitar-0.9-1.13 on GA media

These are all security issues fixed in the ruby3.2-rubygem-minitar-0.9-1.13 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.5 | EPSS 0.02922
Exploits: 1 | References: 1

OpenVAS
added 2023/03/08 12:0 a.m. | 16 views

Debian: Security Advisory (DLA-808-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.6 | EPSS 0.02922
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 4:54 a.m. | 1 view

SUSE CVE-2016-10173

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry...

CVSS 7.5 | AI score 7.1 | EPSS 0.02922
Exploits: 1 | References: 5

GitHub Security Blog
added 2022/05/13 1:41 a.m. | 21 views

Tarball permission preservation in puppet

When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask. When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created...

CVSS 5.5 | AI score 3 | EPSS 0.00092
Exploits: 0 | References: 9 | Affected Software: 1

RubySec
added 2022/05/13 12:0 a.m. | 25 views

Tarball permission preservation in puppet

When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask. When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created...

CVSS 5.5 | AI score 3 | EPSS 0.00092
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2021/06/09 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2021:0115-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.6 | EPSS 0.02922
Exploits: 1 | References: 2

OSV
added 2018/08/21 5:7 p.m. | 8 views

GHSA-CWP3-834G-X79G Moderate severity vulnerability that affects archive-tar-minitar and minitar

Withdrawn, accidental duplicate publish. Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry...

CVSS 7.5 | AI score 7.5 | EPSS 0.02922
Exploits: 1 | References: 2

Veracode
added 2018/02/12 6:28 a.m. | 43 views

Escalation Of Privileges

puppet is vulnerable to escalation of privileges through world writable permissions. The vulnerability exists through modules which are unpacked with minitar, allowing files to be unpacked with higher privileges...

CVSS 5.5 | AI score 6.2 | EPSS 0.00092
Exploits: 0 | References: 5 | Affected Software: 222

Gentoo Linux
added 2017/02/22 12:0 a.m. | 30 views

Ruby Archive::Tar::Minitar: Directory traversal

Background: Archive::Tar::Minitar is a pure-Ruby library and command-line utility that provides the ability to deal with POSIX tar(1) archive files. Description: Michal Marek discovered that Ruby Archive::Tar::Minitar is vulnerable to a directory traversal vulnerability. Impact: A remote attacker coul...

CVSS 7.5 | AI score 7.5 | EPSS 0.02922
Exploits: 1

Tenable Nessus
added 2017/02/10 12:0 a.m. | 39 views

openSUSE Security Update : rubygem-minitar (openSUSE-2017-231)

This update for rubygem-minitar fixes the following issues: CVE-2016-10173: Fixed a directory traversal vulnerability in rubygem-minitar, rubygem-archive-tar-minitar (boo#1021740). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 7.5 | AI score 7.1 | EPSS 0.02922
Exploits: 1 | References: 2

CNVD
added 2017/02/08 12:0 a.m. | 2 views

RubyGems minitar and archive-tar-minitar local directory traversal vulnerability

minitar (formerly archive-tar-minitar) is a pure Ruby library and command-line utility for working with POSIX tar archives. A directory traversal vulnerability exists in versions prior to minitar 0.6 and archive-tar-minitar 0.5.2 gems. An attacker can exploit this vulnerability to write arbitrary...

CVSS 7.5 | AI score 7 | EPSS 0.02922
Exploits: 1 | References: 1

OpenVAS
added 2017/02/03 12:0 a.m. | 21 views

Debian: Security Advisory (DSA-3778-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.5 | EPSS 0.02922
Exploits: 1 | References: 3

OpenVAS
added 2017/02/03 12:0 a.m. | 22 views

Debian Security Advisory DSA 3778-1 (ruby-archive-tar-minitar - security update)

Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. dot do...

CVSS 5 | AI score 0.4 | EPSS 0.02922
Exploits: 1 | References: 1

Prion
added 2017/02/01 3:59 p.m. | 8 views

Directory traversal

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry...

CVSS 5 | AI score 7.1 | EPSS 0.02922
Exploits: 1 | References: 8 | Affected Software: 2

OSV
added 2017/02/01 3:59 p.m. | 1 view

UBUNTU-CVE-2016-10173

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry...

CVSS 7.5 | AI score 5.9 | EPSS 0.02922
Exploits: 1 | References: 5

OSV
added 2017/02/01 3:59 p.m. | 1 view

DEBIAN-CVE-2016-10173

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry...

CVSS 7.5 | AI score 7.1 | EPSS 0.02922
Exploits: 1 | References: 1