Описание
Security update for perl
This update for perl fixes the following issues:
- CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
perl-5.26.1-7.3.1
perl-base-5.26.1-7.3.1
perl-base-32bit-5.26.1-7.3.1
SUSE Linux Enterprise Module for Development Tools 15
perl-doc-5.26.1-7.3.1
Ссылки
- Link for SUSE-SU-2018:1977-1
- E-Mail link for SUSE-SU-2018:1977-1
- SUSE Security Ratings
- SUSE Bug 1096718
- SUSE CVE CVE-2018-12015 page
Описание
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:perl-5.26.1-7.3.1
SUSE Linux Enterprise Module for Basesystem 15:perl-base-32bit-5.26.1-7.3.1
SUSE Linux Enterprise Module for Basesystem 15:perl-base-5.26.1-7.3.1
SUSE Linux Enterprise Module for Development Tools 15:perl-doc-5.26.1-7.3.1
Ссылки
- CVE-2018-12015
- SUSE Bug 1096718
- SUSE Bug 1099497
- SUSE Bug 1099507
- SUSE Bug 1106717