Mageia: 2020-0237 Critical: Apache Ant Task Injection Security Issue

mageia

May 27, 2020

Updated ant packages fix security vulnerability: Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may th...

Summary

Updated ant packages fix security vulnerability:
Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process (CVE-2020-1945).
The ant package has been updated to version 1.10.8 to fix this issue and other bugs.

References

- https://bugs.mageia.org/show_bug.cgi?id=26618

- https://ant.apache.org/security.html

- https://ant.apache.org/antnews.html

- https://www.cve.org/CVERecord?id=CVE-2020-1945

Topics Covered

security advisory information leak critical Mageia apache ant ant package task injection

Resolution

SRPMS

- 7/core/ant-1.10.8-1.mga7

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 27 May 2020

URL: https://advisories.mageia.org/MGASA-2020-0237.html

Type: security

CVE: CVE-2020-1945

Topics Covered

security advisory information leak critical Mageia apache ant ant package task injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks