ruby3.2-rubygem-minitar-0.9-1.13 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13163 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ruby3.2-rubygem-minitar-0.9-1.13 on GA media These are all security issues fixed in the ruby3.2-rubygem-minitar-0.9-1.13 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13163 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13163 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-10173/ SUSE CVE CVE-2016-10173 page openSUSE Tumbleweed ruby3.2-rubygem-minitar-0.9-1.13 ruby3.2-rubygem-minitar-0.9-1.13 as a component of openSUSE Tumbleweed Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. CVE-2016-10173 openSUSE Tumbleweed:ruby3.2-rubygem-minitar-0.9-1.13 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10173.html CVE-2016-10173 https://bugzilla.suse.com/1021740 SUSE Bug 1021740 https://bugzilla.suse.com/1096174 SUSE Bug 1096174