whoopsie: Ubuntu error tracker submission Details: USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4170-1 caused a regression in Whoopsie.
Red Hat OpenShift Container Platform is Red Hat"s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The atomic-openshift-web-console package provides the management console for OpenShift Container Platform. Security Fix: * xterm.js: Mishandling of special characters allows for code execution For more details about the security issue, in ...
It was discovered that Ant#039;s unzip and untar targets permit the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant.
Danny Grander reported that the unzip and untar tasks in ant, a Java based build tool like make, allow the extraction of files outside a target directory. An attacker can take advantage of this flaw by submitting a specially crafted Zip or Tar archive to an ant build to overwrite any file writable by the user running ant.
This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution Other changes made: - Removed support for javadoc - Default value for stripAbsolutePathSpec changed to "true"
This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution . Non-security issues fixed: - Add rhino to the ant-apache-bsf optional tasks . - Remove jakarta-commons-logging dependencies . - Use apache-commons-logging in optio ...