CVE-2012-2139: Path Traversal
First published: Wed Mar 14 2012(Updated: )
A flaw was corrected in rubygem-mail version 2.4.4: A file system traversal in file_delivery method [1]. [1] <a href="https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f">https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rubygems/mail | <2.4.4 | 2.4.4 |
| redhat/converge-ui-devel | <0:1.0.4-1.el6cf | 0:1.0.4-1.el6cf |
| redhat/puppet | <0:2.6.17-2.el6cf | 0:2.6.17-2.el6cf |
| redhat/rubygem-actionpack | <1:3.0.10-10.el6cf | 1:3.0.10-10.el6cf |
| redhat/rubygem-activerecord | <1:3.0.10-6.el6cf | 1:3.0.10-6.el6cf |
| redhat/rubygem-activesupport | <1:3.0.10-4.el6cf | 1:3.0.10-4.el6cf |
| redhat/rubygem-compass | <0:0.11.5-2.el6cf | 0:0.11.5-2.el6cf |
| redhat/rubygem-compass | <960-plugin-0:0.10.4-2.el6cf | 960-plugin-0:0.10.4-2.el6cf |
| redhat/rubygem-mail | <0:2.3.0-3.el6cf | 0:2.3.0-3.el6cf |
| redhat/rubygem-net-ldap | <0:0.1.1-3.el6cf | 0:0.1.1-3.el6cf |
| redhat/rubgem-mail | <2.4.4 | 2.4.4 |
| Rubygems Mail Gem | <=2.4.3 | |
| Rubygems Mail Gem | =2.3.2 | |
| Rubygems Mail Gem | =2.3.3 | |
| Rubygems Mail Gem | =2.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2012-2139
- https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f
- https://bugzilla.novell.com/show_bug.cgi?id=759092
- https://bugzilla.redhat.com/show_bug.cgi?id=816352
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html
- http://www.openwall.com/lists/oss-security/2012/04/25/8
- http://www.openwall.com/lists/oss-security/2012/04/26/1
- https://github.com/advisories/GHSA-cj92-c4fj-w9c5 (Advisory)
- https://www.cve.org/CVERecord?id=CVE-2012-2139 https://nvd.nist.gov/vuln/detail/CVE-2012-2139
- https://bugzilla.redhat.com/show_bug.cgi?id=891762
- https://access.redhat.com/errata/RHSA-2012:1542
- https://access.redhat.com/security/cve/CVE-2012-2139
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=816352
- https://access.redhat.com/security/cve/CVE-2012-2140
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=816352#c13
- http://secunia.com/advisories/48970
- collector/github-advisory-latest
- alias/GHSA-cj92-c4fj-w9c5
- alias/CVE-2012-2139
- collector/github-advisory
- collector/redhat-cve
- collector/redhat-bugzilla
- collector/nvd-cve
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/rubygems
- package-manager/redhat
- vendor/rubygems
- canonical/rubygems mail gem
- version/rubygems mail gem/2.4.3
- version/rubygems mail gem/2.3.2
- version/rubygems mail gem/2.3.3
- version/rubygems mail gem/2.4.1