Candidate: CVE-2017-1000026
PublicDate: 2017-07-17 13:18:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000026
 https://github.com/chef/mixlib-archive/pull/6
 https://github.com/chef/mixlib-archive/pull/6/commits/3a874a24aed6ee93fbccf97efe0ecc999bafe87d
 https://github.com/chef/mixlib-archive/blob/master/CHANGELOG.md
Description:
 Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a
 directory traversal attack allowing attackers to overwrite arbitrary files
 by using ".." in tar archive entries
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868572
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_ruby-mixlib-archive:
upstream_ruby-mixlib-archive: released (0.4.1-1)
precise/esm_ruby-mixlib-archive: DNE
trusty_ruby-mixlib-archive: DNE
trusty/esm_ruby-mixlib-archive: DNE
vivid/ubuntu-core_ruby-mixlib-archive: DNE
xenial_ruby-mixlib-archive: DNE
yakkety_ruby-mixlib-archive: DNE
zesty_ruby-mixlib-archive: ignored (reached end-of-life)
artful_ruby-mixlib-archive: ignored (reached end-of-life)
bionic_ruby-mixlib-archive: not-affected (0.4.1-1)
cosmic_ruby-mixlib-archive: not-affected (0.4.1-1)
devel_ruby-mixlib-archive: not-affected (0.4.1-1)