Amazon Linux 1 Security Advisory: ALAS-2018-1047
Advisory Release Date: 2018-07-23 20:56 Pacific
Advisory Updated Date: 2018-07-24 21:07 Pacific
It was discovered that Ant's unzip and untar targets permit the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant. (CVE-2018-10886)
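A pre-extraction check for the condition described above, as an added example that is not part of this advisory or of Ant's code. It lists zip or tar entries whose destination resolves outside the target directory and, going beyond the advisory text, also flags tar link members that point outside it. The function names and sample archives are constructed for illustration.

```python
import io
import os
import tarfile
import zipfile

def escapes(target_dir, entry_name):
    """True if entry_name, extracted under target_dir, would land outside it."""
    root = os.path.realpath(target_dir)
    name = entry_name.replace("\\", "/")  # some tools treat "\" as a separator
    dest = os.path.realpath(os.path.join(root, name))  # absolute names replace root
    return os.path.commonpath([root, dest]) != root

def unsafe_entries(data, target_dir):
    """Names in a zip or tar byte string that would be written outside target_dir."""
    buf, bad = io.BytesIO(data), []
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            return [n for n in zf.namelist() if escapes(target_dir, n)]
    buf.seek(0)
    with tarfile.open(fileobj=buf) as tf:
        for m in tf.getmembers():
            # Symlinks resolve relative to their own directory, hard links to the root.
            base = os.path.dirname(m.name) if m.issym() else ""
            link = os.path.join(base, m.linkname) if (m.issym() or m.islnk()) else None
            if escapes(target_dir, m.name) or (link and escapes(target_dir, link)):
                bad.append(m.name)
    return bad

def sample_zip():
    """Constructed test archive: one normal entry, one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/ok.txt", b"x")
        zf.writestr("../outside.txt", b"x")
    return buf.getvalue()

def sample_tar():
    """Constructed test archive: normal file, traversal file, escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("docs/readme.txt", "../outside.txt"):
            info = tarfile.TarInfo(name)
            info.size = 1
            tf.addfile(info, io.BytesIO(b"x"))
        link = tarfile.TarInfo("docs/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../elsewhere"
        tf.addfile(link)
    return buf.getvalue()
```

Running unsafe_entries over archives that arrive from outside the build, before any unzip or untar target sees them, gives a list to reject or log; an empty list means no entry resolves outside the chosen directory.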
Affected Packages:
ant
Issue Correction:
Run yum update ant to update your system.
noarch:
ant-javadoc-1.8.3-1.14.amzn1.noarch
ant-commons-net-1.8.3-1.14.amzn1.noarch
ant-commons-logging-1.8.3-1.14.amzn1.noarch
ant-antlr-1.8.3-1.14.amzn1.noarch
ant-apache-oro-1.8.3-1.14.amzn1.noarch
ant-apache-resolver-1.8.3-1.14.amzn1.noarch
ant-1.8.3-1.14.amzn1.noarch
ant-scripts-1.8.3-1.14.amzn1.noarch
ant-testutil-1.8.3-1.14.amzn1.noarch
ant-swing-1.8.3-1.14.amzn1.noarch
ant-manual-1.8.3-1.14.amzn1.noarch
ant-jdepend-1.8.3-1.14.amzn1.noarch
ant-apache-bsf-1.8.3-1.14.amzn1.noarch
ant-apache-xalan2-1.8.3-1.14.amzn1.noarch
ant-jmf-1.8.3-1.14.amzn1.noarch
ant-javamail-1.8.3-1.14.amzn1.noarch
ant-apache-log4j-1.8.3-1.14.amzn1.noarch
ant-apache-bcel-1.8.3-1.14.amzn1.noarch
ant-jsch-1.8.3-1.14.amzn1.noarch
ant-junit-1.8.3-1.14.amzn1.noarch
ant-apache-regexp-1.8.3-1.14.amzn1.noarch
src:
ant-1.8.3-1.14.amzn1.src