First published: Mon Mar 15 2021(Updated: )
It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/ant | <1.10.7-1ubuntu0.1~esm1 | 1.10.7-1ubuntu0.1~esm1 |
=20.04 | ||
All of | ||
ubuntu/ant | <1.10.5-3~18.04.1~esm1 | 1.10.5-3~18.04.1~esm1 |
=18.04 | ||
All of | ||
ubuntu/ant | <1.9.6-1ubuntu1.1+esm1 | 1.9.6-1ubuntu1.1+esm1 |
=16.04 | ||
All of | ||
ubuntu/ant | <1.9.3-2ubuntu0.1+esm1 | 1.9.3-2ubuntu0.1+esm1 |
=14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Apache Ant vulnerability is USN-4874-1.
This vulnerability allows an attacker to read sensitive information leaked into /tmp or potentially inject malicious code into a project built with Apache Ant.
Versions 1.10.7-1ubuntu0.1~esm1, 1.10.5-3~18.04.1~esm1, 1.9.6-1ubuntu1.1+esm1, and 1.9.3-2ubuntu0.1+esm1 of Apache Ant are affected by this vulnerability.
To fix this vulnerability, update Apache Ant to version 1.10.7-1ubuntu0.1~esm1 for Ubuntu 20.04, 1.10.5-3~18.04.1~esm1 for Ubuntu 18.04, 1.9.6-1ubuntu1.1+esm1 for Ubuntu 16.04, and 1.9.3-2ubuntu0.1+esm1 for Ubuntu 14.04.
You can find more information about this vulnerability on the Ubuntu security advisory page: [CVE-2020-1945](https://ubuntu.com/security/CVE-2020-1945), [USN-4380-1](https://ubuntu.com/security/notices/USN-4380-1), [USN-4874-1](https://ubuntu.com/security/notices/USN-4874-1).