SUSE-SU-2020:1351-1

Опубликовано: 20 мая 2020

Источник: suse-cvrf

Описание

Security update for ant

This update for ant fixes the following issues:

Security issue fixed:

CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053).

Non-security issues fixed:

Add rhino to the ant-apache-bsf optional tasks (bsc#1134001).
Remove jakarta-commons-logging dependencies (bsc#1133997).
Use apache-commons-logging in optional tasks

Список пакетов

SUSE Linux Enterprise Server 12 SP4

ant-1.9.4-3.6.1

SUSE Linux Enterprise Server 12 SP5

ant-1.9.4-3.6.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

ant-1.9.4-3.6.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

ant-1.9.4-3.6.1

SUSE Linux Enterprise Software Development Kit 12 SP4

ant-1.9.4-3.6.1

ant-antlr-1.9.4-3.6.1

ant-apache-bcel-1.9.4-3.6.1

ant-apache-bsf-1.9.4-3.6.1

ant-apache-log4j-1.9.4-3.6.1

ant-apache-oro-1.9.4-3.6.1

ant-apache-regexp-1.9.4-3.6.1

ant-apache-resolver-1.9.4-3.6.1

ant-commons-logging-1.9.4-3.6.1

ant-javadoc-1.9.4-3.6.1

ant-javamail-1.9.4-3.6.1

ant-jdepend-1.9.4-3.6.1

ant-jmf-1.9.4-3.6.1

ant-junit-1.9.4-3.6.1

ant-manual-1.9.4-3.6.1

ant-scripts-1.9.4-3.6.1

ant-swing-1.9.4-3.6.1

SUSE Linux Enterprise Software Development Kit 12 SP5

ant-1.9.4-3.6.1

ant-antlr-1.9.4-3.6.1

ant-apache-bcel-1.9.4-3.6.1

ant-apache-bsf-1.9.4-3.6.1

ant-apache-log4j-1.9.4-3.6.1

ant-apache-oro-1.9.4-3.6.1

ant-apache-regexp-1.9.4-3.6.1

ant-apache-resolver-1.9.4-3.6.1

ant-commons-logging-1.9.4-3.6.1

ant-javadoc-1.9.4-3.6.1

ant-javamail-1.9.4-3.6.1

ant-jdepend-1.9.4-3.6.1

ant-jmf-1.9.4-3.6.1

ant-junit-1.9.4-3.6.1

ant-manual-1.9.4-3.6.1

ant-scripts-1.9.4-3.6.1

ant-swing-1.9.4-3.6.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201351-1/
Link for SUSE-SU-2020:1351-1
https://lists.suse.com/pipermail/sle-security-updates/2020-May/006838.html
E-Mail link for SUSE-SU-2020:1351-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1100053
SUSE Bug 1100053
https://bugzilla.suse.com/1133997
SUSE Bug 1133997
https://bugzilla.suse.com/1134001
SUSE Bug 1134001
https://www.suse.com/security/cve/CVE-2018-10886/
SUSE CVE CVE-2018-10886 page

Описание

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None

Затронутые продукты

SUSE Linux Enterprise Server 12 SP4:ant-1.9.4-3.6.1

SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.6.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4:ant-1.9.4-3.6.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-10886.html
CVE-2018-10886
https://bugzilla.suse.com/1100053
SUSE Bug 1100053

SUSE-SU-2020:1351-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2018-10886

Описание

Затронутые продукты

Ссылки