patches/packages/ruby-2.2.9-i586-1_slack14.2.txz
This update fixes a security issue:
Net::
FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile
use Kernel#open to open a local file. If the localfile argument starts with
the pipe character “|”, the command following the pipe character is executed.
The default value of localfile is File.basename(remotefile), so malicious
FTP
servers could cause arbitrary command execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17405
(* Security fix *)