
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Arch Linux ASA-202107-43: Ant Package DoS Risk and Resolution

Arch Linux Security Advisory ASA-202107-43
==========================================

Severity: Low
Date    : 2021-07-20
CVE-ID  : CVE-2021-36373 CVE-2021-36374
Package : ant
Type    : denial of service
Remote  : No
Link    : https://security.archlinux.org/AVG-2151

Summary
=======

The package ant before version 1.10.11-1 is vulnerable to denial of service.

Resolution
==========

Upgrade to 1.10.11-1.

# pacman -Syu "ant>=1.10.11-1"

The problems have been fixed upstream in version 1.10.11.

Workaround
==========

None.

Description
===========

- CVE-2021-36373 (denial of service)

When reading a specially crafted TAR archive, Apache Ant before version 1.10.11 can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant.

- CVE-2021-36374 (denial of service)

When reading a specially crafted ZIP archive, or a derived format, Apache Ant before version 1.10.11 can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant.

Impact
======

A crafted TAR or ZIP archive could consume large amounts of memory, leading to denial of service.

References
==========

https://www.openwall.com/lists/oss-security/2021/07/13/5
https://github.com/apache/ant/commit/6594a2d66f7f060dafcbbf094dd60676db19a842
https://www.openwall.com/lists/oss-security/2021/07/13/6
https://security.archlinux.org/CVE-2021-36373
https://security.archlinux.org/CVE-2021-36374

LinuxSecurity.com Team

Jul 20, 2021 | Low | ArchLinux

Arch Linux ASA-202012-5: Ant Arbitrary Code Execution Medium Risk

Arch Linux Security Advisory ASA-202012-5
=========================================

Severity: Medium
Date    : 2020-12-05
CVE-ID  : CVE-2020-11979
Package : ant
Type    : arbitrary code execution
Remote  : No
Link    : https://security.archlinux.org/AVG-1312

Summary
=======

The package ant before version 1.10.9-1 is vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 1.10.9-1.

# pacman -Syu "ant>=1.10.9-1"

The problem has been fixed upstream in version 1.10.9.

Workaround
==========

The issue can be mitigated by making Ant use a directory that is only readable and writable by the current user.

Description
===========

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

Impact
======

A local attacker might be able to execute arbitrary code by injecting modified source files into the build process at the exact right moment.

References
==========

https://lists.apache.org/thread/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E
https://security.archlinux.org/CVE-2020-11979

LinuxSecurity.com Team

Dec 09, 2020 | Medium | ArchLinux

Mageia: 2020-0237 Critical: Apache Ant Task Injection Security Issue

MGASA-2020-0237 - Updated ant packages fix security vulnerability

Publication date: 27 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0237.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-1945

Updated ant packages fix security vulnerability:

Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process (CVE-2020-1945).

The ant package has been updated to version 1.10.8 to fix this issue and other bugs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26618
- https://ant.apache.org/security.html
- https://ant.apache.org/antnews.html
- https://www.cve.org/CVERecord?id=CVE-2020-1945

SRPMS:
- 7/core/ant-1.10.8-1.mga7

LinuxSecurity.com Team

May 27, 2020 | Critical | Mageia