Red Hat Bugzilla – Bug 1547426
CVE-2018-1000079 rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations
Last modified: 2018-06-29 18:33:33 EDT
Path traversal issue during gem installation allows to write to arbitrary filesystem locations. Upstream fixes: https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759 https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099 External References: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
Created rubygems tracking bugs for this issue: Affects: fedora-all [bug 1547431]
Statement: This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.