Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 19.10: USN-4295-1 Critical: Rake Arbitrary Command Execution

ubuntu
Calendar Grey March 3, 2020
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-4295-1 discusses a severe vulnerability in rake that permits the execution of arbitrary commands through specially designed files.
Rake could be made run arbitrary commands it received a specially crafted file.

Summary

Rake could be made run arbitrary commands it received a specially crafted file.

Software Description:

- rake: Ruby make-like utility

Details:

It was discovered that Rake incorrectly handled certain files.

An attacker could use this issue to possibly execute arbitrary commands.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  rake                            12.3.1-3ubuntu0.1

Ubuntu 18.04 LTS:
  rake                            12.3.1-1ubuntu0.1

Ubuntu 16.04 LTS:
  rake                            10.5.0-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4295-1

CVE-2020-8130

Severity
critical
Lowest
Low
Medium
High
Critical

March 03, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here