SUSE-SU-2018:2789-1

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2018-10886

Published: 21 Sept 2018, 11:51

Last modified:02 May 2025, 04:07

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Sept 2018, 11:51

Published

Vulnerability first disclosed

02 May 2025, 04:07

Last Modified

Vulnerability information updated

Description

Security update for ant This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053) Other changes made: - Removed support for javadoc - Default value for stripAbsolutePathSpec changed to 'true'

Affected Systems

suse•ant-antlr&distro=SUSE Linux Enterprise Server 11 SP4
< 1.7.1-16.11.5.1
suse•ant-antlr&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 1.7.1-16.11.5.1
suse•ant-antlr&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
< 1.7.1-16.11.5.1
suse•ant&distro=SUSE Linux Enterprise Server 11 SP4
< 1.7.1-20.11.5.1
suse•ant&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 1.7.1-20.11.5.1
suse•ant&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
< 1.7.1-20.11.5.1

SUSE-SU-2018:2789-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)