OVAL Reference oval:org.opensuse.security:def:20175946

Oval Definition:

oval:org.opensuse.security:def:20175946

Revision Date:	2022-06-30	Version:	1
Title:	CVE-2017-5946
Description:	The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2017-5946 Mitre CVE-2017-5946 SUSE CVE-2017-5946 openSUSE-SU-2017:2120-1
Platform(s):	openSUSE Leap 42.2 openSUSE Leap 42.3 openSUSE Tumbleweed	Product(s):
Definition Synopsis
openSUSE Leap 42.2 is installed AND Package Information ruby2.1-rubygem-rubyzip-1.1.7-5.3.1 is installed AND ruby2.1-rubygem-rubyzip is signed with openSUSE key OR ruby2.1-rubygem-rubyzip-doc-1.1.7-5.3.1 is installed AND ruby2.1-rubygem-rubyzip-doc is signed with openSUSE key OR ruby2.1-rubygem-rubyzip-testsuite-1.1.7-5.3.1 is installed AND ruby2.1-rubygem-rubyzip-testsuite is signed with openSUSE key OR rubygem-rubyzip-1.1.7-5.3.1 is installed AND rubygem-rubyzip is signed with openSUSE key
Definition Synopsis
openSUSE Leap 42.3 is installed AND Package Information ruby2.1-rubygem-rubyzip-1.1.7-8 is installed AND ruby2.1-rubygem-rubyzip is signed with openSUSE key OR ruby2.1-rubygem-rubyzip-doc-1.1.7-8 is installed AND ruby2.1-rubygem-rubyzip-doc is signed with openSUSE key OR ruby2.1-rubygem-rubyzip-testsuite-1.1.7-8 is installed AND ruby2.1-rubygem-rubyzip-testsuite is signed with openSUSE key OR ruby2.2-rubygem-rubyzip-1.1.7-8 is installed AND ruby2.2-rubygem-rubyzip is signed with openSUSE key OR ruby2.2-rubygem-rubyzip-doc-1.1.7-8 is installed AND ruby2.2-rubygem-rubyzip-doc is signed with openSUSE key OR ruby2.2-rubygem-rubyzip-testsuite-1.1.7-8 is installed AND ruby2.2-rubygem-rubyzip-testsuite is signed with openSUSE key OR ruby2.3-rubygem-rubyzip-1.1.7-8 is installed AND ruby2.3-rubygem-rubyzip is signed with openSUSE key OR ruby2.3-rubygem-rubyzip-doc-1.1.7-8 is installed AND ruby2.3-rubygem-rubyzip-doc is signed with openSUSE key OR ruby2.3-rubygem-rubyzip-testsuite-1.1.7-8 is installed AND ruby2.3-rubygem-rubyzip-testsuite is signed with openSUSE key OR ruby2.4-rubygem-rubyzip-1.1.7-8 is installed AND ruby2.4-rubygem-rubyzip is signed with openSUSE key OR ruby2.4-rubygem-rubyzip-doc-1.1.7-8 is installed AND ruby2.4-rubygem-rubyzip-doc is signed with openSUSE key OR ruby2.4-rubygem-rubyzip-testsuite-1.1.7-8 is installed AND ruby2.4-rubygem-rubyzip-testsuite is signed with openSUSE key OR rubygem-rubyzip-1.1.7-8 is installed AND rubygem-rubyzip is signed with openSUSE key
Definition Synopsis
openSUSE Tumbleweed is installed AND Package Information ruby2.7-rubygem-rubyzip-2.3.2-1.2 is installed OR ruby3.0-rubygem-rubyzip-2.3.2-1.2 is installed

BACK