Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

SUSE: 2018:2866-1 Moderate Update for Ant Path Traversal Security Fix

suse
Calendar Grey September 26, 2018
Scroller Suse
A recent update for Ant resolves a path traversal vulnerability that permits unauthorized file writing, affecting SUSE Linux Enterprise systems.
An update that fixes one vulnerability is now available

Summary

This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2021=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (noarch): ant-1.9.10-3.3.1 ant-antlr-1.9.10-3.3.1 ant-apache-bcel-1.9.10-3.3.1 ant-apache-bsf-1.9.10-3.3.1 ant-apache-log4j-1.9.10-3.3.1

References

#1100053

Cross- CVE-2018-10886

Affected Products:

SUSE Linux Enterprise Module for Development Tools 15

https://www.suse.com/security/cve/CVE-2018-10886.html

https://bugzilla.suse.com/1100053

Announcement ID: SUSE-SU-2018:2866-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.