ALAS-2018-1047


Amazon Linux 1 Security Advisory: ALAS-2018-1047
Advisory Release Date: 2018-07-23 20:56 Pacific
Advisory Updated Date: 2018-07-24 21:07 Pacific
Severity: Medium

Issue Overview:

It was discovered that Ant's unzip and untar targets permit the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant. (CVE-2018-10886)
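
As an added example (not part of this advisory and not Ant's own code), the following pre-extraction check lists zip or tar entries whose names would resolve outside the target directory. The function names, the /tmp/build target and the sample archives are constructed for illustration; the check covers entry names only, not tar symlink members.

```python
import io
import os
import tarfile
import zipfile

def entry_names(data: bytes) -> list:
    """Member names of a zip or tar archive held in memory."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            return zf.namelist()
    buf.seek(0)
    with tarfile.open(fileobj=buf) as tf:
        return tf.getnames()

def escapes(dest: str, name: str) -> bool:
    """True if writing `name` under `dest` would land outside `dest`."""
    root = os.path.abspath(dest)
    # Treat "\" as a separator too, then collapse "." and ".." components.
    target = os.path.normpath(os.path.join(root, name.replace("\\", "/")))
    return os.path.commonpath([root, target]) != root

def unsafe_entries(data: bytes, dest: str) -> list:
    """Entry names that must be rejected before extracting into `dest`."""
    return [n for n in entry_names(data) if escapes(dest, n)]

def sample_zip() -> bytes:
    """Constructed sample: one normal entry, one that climbs out of dest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("src/Main.java", "class Main {}")
        zf.writestr("../outside.txt", "constructed")
    return buf.getvalue()

def sample_tar() -> bytes:
    """Constructed sample tar with the same two kinds of entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("docs/readme.txt", "docs/../../outside.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(b"constructed")
            tf.addfile(info, io.BytesIO(b"constructed"))
    return buf.getvalue()

if __name__ == "__main__":
    print(unsafe_entries(sample_zip(), "/tmp/build"))
    print(unsafe_entries(sample_tar(), "/tmp/build"))
```

An empty result means no entry name leaves the target; any non-empty result is a reason to refuse the archive before it reaches an unpatched unzip or untar target.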


Affected Packages:

ant


Issue Correction:
Run yum update ant to update your system.

New Packages:
noarch:
    ant-javadoc-1.8.3-1.14.amzn1.noarch
    ant-commons-net-1.8.3-1.14.amzn1.noarch
    ant-commons-logging-1.8.3-1.14.amzn1.noarch
    ant-antlr-1.8.3-1.14.amzn1.noarch
    ant-apache-oro-1.8.3-1.14.amzn1.noarch
    ant-apache-resolver-1.8.3-1.14.amzn1.noarch
    ant-1.8.3-1.14.amzn1.noarch
    ant-scripts-1.8.3-1.14.amzn1.noarch
    ant-testutil-1.8.3-1.14.amzn1.noarch
    ant-swing-1.8.3-1.14.amzn1.noarch
    ant-manual-1.8.3-1.14.amzn1.noarch
    ant-jdepend-1.8.3-1.14.amzn1.noarch
    ant-apache-bsf-1.8.3-1.14.amzn1.noarch
    ant-apache-xalan2-1.8.3-1.14.amzn1.noarch
    ant-jmf-1.8.3-1.14.amzn1.noarch
    ant-javamail-1.8.3-1.14.amzn1.noarch
    ant-apache-log4j-1.8.3-1.14.amzn1.noarch
    ant-apache-bcel-1.8.3-1.14.amzn1.noarch
    ant-jsch-1.8.3-1.14.amzn1.noarch
    ant-junit-1.8.3-1.14.amzn1.noarch
    ant-apache-regexp-1.8.3-1.14.amzn1.noarch

src:
    ant-1.8.3-1.14.amzn1.src