openSUSE-SU-2018:2438-1

Опубликовано: 19 авг. 2018

Источник: suse-cvrf

Описание

Security update for perl-Archive-Zip

This update for perl-Archive-Zip fixes the following security issue:

CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter (bsc#1099497)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

perl-Archive-Zip-1.60-lp150.2.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00069.html
E-Mail link for openSUSE-SU-2018:2438-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.

Затронутые продукты

openSUSE Leap 15.0:perl-Archive-Zip-1.60-lp150.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-10860.html
CVE-2018-10860
https://bugzilla.suse.com/1099497
SUSE Bug 1099497

openSUSE-SU-2018:2438-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-10860

Описание

Затронутые продукты

Ссылки