ant-1.10.12-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11688-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ant-1.10.12-1.1 on GA media These are all security issues fixed in the ant-1.10.12-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11688 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-36373/ SUSE CVE CVE-2021-36373 page https://www.suse.com/security/cve/CVE-2021-36374/ SUSE CVE CVE-2021-36374 page openSUSE Tumbleweed ant-1.10.12-1.1 ant-jmf-1.10.12-1.1 ant-scripts-1.10.12-1.1 ant-swing-1.10.12-1.1 ant-1.10.12-1.1 as a component of openSUSE Tumbleweed ant-jmf-1.10.12-1.1 as a component of openSUSE Tumbleweed ant-scripts-1.10.12-1.1 as a component of openSUSE Tumbleweed ant-swing-1.10.12-1.1 as a component of openSUSE Tumbleweed When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. CVE-2021-36373 openSUSE Tumbleweed:ant-1.10.12-1.1 openSUSE Tumbleweed:ant-jmf-1.10.12-1.1 openSUSE Tumbleweed:ant-scripts-1.10.12-1.1 openSUSE Tumbleweed:ant-swing-1.10.12-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-36373.html CVE-2021-36373 https://bugzilla.suse.com/1188468 SUSE Bug 1188468 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. CVE-2021-36374 openSUSE Tumbleweed:ant-1.10.12-1.1 openSUSE Tumbleweed:ant-jmf-1.10.12-1.1 openSUSE Tumbleweed:ant-scripts-1.10.12-1.1 openSUSE Tumbleweed:ant-swing-1.10.12-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-36374.html CVE-2021-36374 https://bugzilla.suse.com/1188469 SUSE Bug 1188469