Security Bulletin: CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory.

Summary ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant. Vulnerability Details...

SUSE CVE-2018-10886

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None...

SUSE: Security Advisory (SUSE-SU-2018:2789-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2866-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:1351-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2838-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : ant (openSUSE-2020-703)

This update for ant fixes the following issues : Security issue fixed : - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution bsc1100053. Non-security issues fixed : - Add rhino to the...

openSUSE: Security Advisory for ant (openSUSE-SU-2020:0703-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : ant (openSUSE-2019-729)

This update for ant fixes the following issues : Security issue fixed : - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution bsc1100053 This update was imported from the...

Fedora 28 : ant (2018-cba3ccd747)

Backport fix for arbitrary file write vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

openSUSE: Security Advisory for ant (openSUSE-SU-2018:2895-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2018:2838-1 Security update for ant

This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution bsc1100053...

Debian DLA-1457-1 : ant security update

The fix for CVE-2018-10886 was incomplete in the previous upload. New changes was implemented upstream which check and resolve symlinks before expanding the archives. For Debian 8 'Jessie', this problem has been fixed in version 1.9.4-3+deb8u2. We recommend that you upgrade your ant packages. NOT...

[SECURITY] [DLA 1457-1] ant security update

Package : ant Version : 1.9.4-3+deb8u2 CVE ID : TEMP-0904191-9063D5 Debian Bug : 904191 The fix for CVE-2018-10886 was incomplete in the previous upload. New changes was implemented upstream which check and resolve symlinks before expanding the archives. For Debian 8 "Jessie", this problem has be...

Debian: Security Advisory (DLA-1457-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : ant (ALAS-2018-1047)

It was discovered that Ant's unzip and untar targets permit the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant.CVE-2018-10886 C Tenable Network Security, In...

Debian DSA-4255-1 : ant - security update

Danny Grander reported that the unzip and untar tasks in ant, a Java based build tool like make, allow the extraction of files outside a target directory. An attacker can take advantage of this flaw by submitting a specially crafted Zip or Tar archive to an ant build to overwrite any file writabl...

[SECURITY] [DSA 4255-1] ant security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4255-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4255-1] ant security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4255-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2018 https://www.debian.org/security/faq -...

Medium: ant

Issue Overview: It was discovered that Ant's unzip and untar targets permit the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant.CVE-2018-10886 Affected...