Описание
Security update for perl-Archive-Zip
This update for perl-Archive-Zip fixes the following security issue:
- CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
perl-Archive-Zip-1.24-4.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
perl-Archive-Zip-1.24-4.3.1
Ссылки
- Link for SUSE-SU-2018:2388-1
- E-Mail link for SUSE-SU-2018:2388-1
- SUSE Security Ratings
- SUSE Bug 1099497
- SUSE CVE CVE-2018-10860 page
Описание
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:perl-Archive-Zip-1.24-4.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:perl-Archive-Zip-1.24-4.3.1
Ссылки
- CVE-2018-10860
- SUSE Bug 1099497