|
|
Subscribe / Log in / New account

Arch Linux alert ASA-202009-7 (netbeans)



From:
              Morten Linderud <foxboron@archlinux.org>


To:
              arch-security@archlinux.org


Subject:
              [ASA-202009-7] netbeans: arbitrary code execution


Date:
              Thu, 17 Sep 2020 23:39:03 +0200


Message-ID:
              <20200917213903.bjh4akao5dkxovcr@anathema>


Arch Linux Security Advisory ASA-202009-7
=========================================

Severity: Critical
Date    : 2020-09-14
CVE-ID  : CVE-2020-11986
Package : netbeans
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1221

Summary
=======

The package netbeans before version 12.0_u1-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 12.0_u1-1.

# pacman -Syu "netbeans>=12.0_u1-1"

The problem has been fixed upstream in version 12.0_u1.

Workaround
==========

None.

Description
===========

Opening a Gradle project with Apache NetBeans <= 12.0 executes a
foreign script immediately.

Impact
======

An attacker can trick the user to run code with a malicious gradle
project.

References
==========

https://www.openwall.com/lists/oss-security/2020/09/07/2
https://security.archlinux.org/CVE-2020-11986
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds