openSUSE Security Update : perl-Archive-Zip (openSUSE-2018-904)
Medium Nessus Plugin ID 112004
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for perl-Archive-Zip fixes the following security issue :
- CVE-2018-10860: Prevent directory traversal caused by
not properly sanitizing paths while extracting zip
files. An attacker able to provide a specially crafted
archive for processing could have used this flaw to
write or overwrite arbitrary files in the context of the
perl interpreter (bsc#1099497)
This update was imported from the SUSE:SLE-15:Update update project.
SolutionUpdate the affected perl-Archive-Zip package.