maven:3.5 security update

エラータID: AXSA:2022-3741:01

Release date: 
Friday, August 26, 2022 - 04:55
Subject: 
maven:3.5 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

Modularity name: maven
Stream name: 3.5

Solution: 

Update packages.

CVEs: 
CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Additional Info: 

N/A

Download: 

SRPMS
  1. aopalliance-1.0-17.module+el8+1497+815c365f.src.rpm
    MD5: 2bf4e7e195db6de1fd70f0a8a948b9be
    SHA-256: 0159f9698d70152dbd9dbc775e45282c16a31affc63822227b1e1f780cce0474
    Size: 21.43 kB
  2. apache-commons-cli-1.4-4.module+el8+1497+815c365f.src.rpm
    MD5: 23c1a294292fbd314ac6a0a3c2bf0854
    SHA-256: 9e8fd6be506c949f838407937c4cd54c0fc93db94660532ce0c9ca8157f39a6a
    Size: 157.74 kB
  3. apache-commons-codec-1.11-3.module+el8+1497+815c365f.src.rpm
    MD5: 19f90e04fc2c55d99f3ea55d03321aa1
    SHA-256: 660ec45e250ce0c0f7dd998e2e60df64deacbe1f33ecf7f86db4fc37ac95cab9
    Size: 378.29 kB
  4. apache-commons-io-2.6-3.module+el8+1497+815c365f.src.rpm
    MD5: 42c8e2324c28ca80f2a798772caef26b
    SHA-256: 56380bace1a35960d055daed519d0b91c55f160dd911ac417d3e6dbe6b1b4770
    Size: 386.45 kB
  5. apache-commons-lang3-3.7-3.module+el8+1497+815c365f.src.rpm
    MD5: 2c81df7fb3d8a88c0fcaa6bf003bb950
    SHA-256: 0f46965084ec61bceb44a801c1d2de74913959f51e86f7ea8193907bdf1994ba
    Size: 854.00 kB
  6. apache-commons-logging-1.2-13.module+el8+1497+815c365f.src.rpm
    MD5: 196b3edd8f8d1db1e70f1c75107bda0a
    SHA-256: 5d4bf200b84ea5fa8ec65f9ab9005d3809b8bb38f6d1c3a9e127b2c839308fb7
    Size: 205.26 kB
  7. atinject-1-28.20100611svn86.module+el8+1497+815c365f.src.rpm
    MD5: db3d0e51ad3440cb61951829a69e85c1
    SHA-256: ebfbce7aa0392d126b24df02e01ef394846c4c0f55a7656bbb85d877c6879e23
    Size: 33.35 kB
  8. cdi-api-1.2-8.module+el8+1497+815c365f.src.rpm
    MD5: 61fa4afc59061f52740ec7bfcf1fe4c6
    SHA-256: eedfffef2b89810c1a25f863fc27b55b8d0f6b10b561d5267489486a8ce3fbb5
    Size: 143.75 kB
  9. geronimo-annotation-1.0-23.module+el8+1497+815c365f.src.rpm
    MD5: 6a868533e5600fa74e65e9344e90b602
    SHA-256: 57821ae76c4e3b8c099980c05ecb1e999bd143b148baf05b514a54ec3ec098ce
    Size: 26.90 kB
  10. glassfish-el-3.0.1-0.7.b08.module+el8+1497+815c365f.src.rpm
    MD5: 6892c0b8ec780d856f00e30651f1a2a1
    SHA-256: 22184624da495d008a85735d0c5cd105be690577837dd79d6b26c6b2946ff1be
    Size: 116.05 kB
  11. google-guice-4.1-11.module+el8+1497+815c365f.src.rpm
    MD5: 87a83d60f7f335aecddeffbf9068ee9f
    SHA-256: ae7da25efbf4f9018058bd7efdb9881dee15628bf6915d9920fda9f6fef733f4
    Size: 374.59 kB
  12. guava20-20.0-8.module+el8+1497+815c365f.src.rpm
    MD5: e74759c7722e40390a869f0bd2380ee8
    SHA-256: ea374c0b7365c870ffa6d981f305f35571f76e5648a287e46c43932edb2a5f3e
    Size: 2.31 MB
  13. hawtjni-1.16-2.module+el8+1497+815c365f.src.rpm
    MD5: 227876ea6d7c0816403616449b28884f
    SHA-256: a40bd4e25716a2173dddb20e3e13bc8b2a82be0c75af2a1f624c127245b1340c
    Size: 1.55 MB
  14. httpcomponents-client-4.5.5-5.module+el8+1497+815c365f.src.rpm
    MD5: 49dcd07e2b00c7cbae16a0553f72d976
    SHA-256: 997d526072cd9eae0f8f1b47d69a3b8acc46f8cb2ee82c8441df6fbc2d5e7132
    Size: 810.26 kB
  15. httpcomponents-core-4.4.10-3.module+el8+1497+815c365f.src.rpm
    MD5: b8a3d96b174f00d7db95295c2f7266df
    SHA-256: 24deb818cf87bcf515657962e729c5e3d15d149a21a6a82b5627b58a242c7a39
    Size: 574.48 kB
  16. jansi-native-1.7-7.0.0.1.module+el8+1497+815c365f.src.rpm
    MD5: 7cda2aaf823c20a0ec935bf052040963
    SHA-256: 558f988049e1cb353f045eb522cfbe4209585ad7a63404d3e041d26f456acf55
    Size: 216.24 kB
  17. jansi-1.17.1-1.module+el8+1497+815c365f.src.rpm
    MD5: 9c5e8acafab65ef8528d8af7a86603bb
    SHA-256: b66bdc657abb8f9576dd60025da11ff4ece6ad0e0bdafc9fd6c2ade0b3acc853
    Size: 275.16 kB
  18. jboss-interceptors-1.2-api-1.0.0-8.module+el8+1497+815c365f.src.rpm
    MD5: 73c6b94cecf6c2ddcd0af9b66bf81d4b
    SHA-256: 44ac9a576cf01ff44c95ad3e5ebf04a99ac9fe2ad5a03d7ced35ea4f3e5b9f47
    Size: 21.75 kB
  19. jsoup-1.11.3-3.module+el8+1497+815c365f.src.rpm
    MD5: 65a042bf2bf6c35d39a9f265519884c8
    SHA-256: a3d6c7ff50fbbbe6a1ec7f08eb4a4536cd0392498467cb3766e33bee99883f48
    Size: 240.97 kB
  20. maven-resolver-1.1.1-2.module+el8+1497+815c365f.src.rpm
    MD5: 463c13ac96e0cd6d9373b532add5268d
    SHA-256: 6ae5136960489dd559cc9c7456253b81c4d36fbbfc96d771356510b00025b716
    Size: 932.99 kB
  21. maven-shared-utils-3.2.1-0.2.module+el8+1497+815c365f.src.rpm
    MD5: 6ae1cc5ca38a3075c278c443fa5adcde
    SHA-256: 9b2485a0c2bfa93eb03be09e988b1fb0a663d293c0e2e8d862fd7e89f1a2230f
    Size: 243.75 kB
  22. maven-3.5.4-5.module+el8+1497+815c365f.src.rpm
    MD5: d8f2f3758d6bd81f4f47fcf5aadbde8a
    SHA-256: 4501e100fcb0b4899c8bdefda1eda5529ce56e9d33821153d138306728bfaf4f
    Size: 2.59 MB
  23. maven-wagon-3.1.0-1.module+el8+1497+815c365f.src.rpm
    MD5: 9741c5bea2897edbe9c32a326ae115d2
    SHA-256: 50662b576b2f0484bd8ec2a668a6729b5bfdc168a03052c9eb11197a9c08a80c
    Size: 477.84 kB
  24. plexus-cipher-1.7-14.module+el8+1497+815c365f.src.rpm
    MD5: 36054178a989172b381f556e7003b6ea
    SHA-256: 5b3245c163b450491b8b43340fca1c8d3a15504de4f433a9505fff0c662bafd0
    Size: 26.29 kB
  25. plexus-classworlds-2.5.2-9.module+el8+1497+815c365f.src.rpm
    MD5: 9969913255c08b766aaf7246e67cc4a2
    SHA-256: 1865ccc62c5f1a5d368ba4a4d8b7c2cab582d13874d2991f917526f6e52006cd
    Size: 65.26 kB
  26. plexus-containers-1.7.1-8.module+el8+1497+815c365f.src.rpm
    MD5: 7c6c6bb3a7eca55a3deff87ca1666c39
    SHA-256: ca38af7fbf9fc4aa2fb711b2d618f2b4e36998f690e2012aeffe314aa75ee9c0
    Size: 363.76 kB
  27. plexus-interpolation-1.22-9.module+el8+1497+815c365f.src.rpm
    MD5: 8d9b926cc698eaef1444e4b0758c7710
    SHA-256: 7d29c59d62321223d5730e2f072934443e4647d00108e73f8f4d21b842590612
    Size: 66.88 kB
  28. plexus-sec-dispatcher-1.4-26.module+el8+1497+815c365f.src.rpm
    MD5: cf80fe6b6a43421d1a9a81b957647d98
    SHA-256: dda299d4e816a4bd2e9ae45c42c6610ab50e99dd902fe25317eeb86cd3c5448e
    Size: 22.51 kB
  29. plexus-utils-3.1.0-3.module+el8+1497+815c365f.src.rpm
    MD5: 22f8831c2438a3c4e10adcac7c40e9f2
    SHA-256: 86597e325ff1814f5fa7d06e12a682dcb46f318dd8daa2f7f693c29ab19ac777
    Size: 435.91 kB
  30. sisu-0.3.3-6.module+el8+1497+815c365f.src.rpm
    MD5: 31a6c5770886af384042e5fe436b2113
    SHA-256: fd8c1d1b8f41ee9dd94a4181a3de28da2a1e18cc9a4ddd18584bca11d85de72a
    Size: 589.48 kB
  31. slf4j-1.7.25-4.module+el8+1497+815c365f.src.rpm
    MD5: 197f3712fad2145388fa2783bc824926
    SHA-256: e74144f4747477181d30bbc3187acad9672b4a5ca206a031117ac59570ec41dc
    Size: 3.29 MB

Asianux Server 8 for x86_64
  1. aopalliance-1.0-17.module+el8+1497+815c365f.noarch.rpm
    MD5: 69ed46567e09840b075859ca600a9eb6
    SHA-256: 113c79fe1e84f7ef150bd4957029fa40f2c0c971e2615d0610950fa897a0a388
    Size: 15.94 kB
  2. apache-commons-cli-1.4-4.module+el8+1497+815c365f.noarch.rpm
    MD5: 5ce9435d6784f77131cb33c27594f112
    SHA-256: 7b75534909424260ebce8241f60df42cddb7d1ae62d7288fe4df1a31f45fd9a9
    Size: 72.70 kB
  3. apache-commons-codec-1.11-3.module+el8+1497+815c365f.noarch.rpm
    MD5: 12bec1ad09f6e79352b0d09e661a269f
    SHA-256: 49cc130b393c0e5179fce2c4211b333e20c8f46645e6e6f5d27e8529fc41f5f8
    Size: 287.45 kB
  4. apache-commons-io-2.6-3.module+el8+1497+815c365f.noarch.rpm
    MD5: 391db25437db9b68b13f012ff0490c79
    SHA-256: 757adde96e0e3f3bc148ea1ed39545b5f376312fa336a2fd76a6f28dc1ebc685
    Size: 222.44 kB
  5. apache-commons-lang3-3.7-3.module+el8+1497+815c365f.noarch.rpm
    MD5: e650621dd907fef06ea5b2ba2eb036ba
    SHA-256: 065315e8fc94ea22e2b5a0bcf20151572774c3f6f9d81410ffc9417f61ae13f9
    Size: 481.55 kB
  6. apache-commons-logging-1.2-13.module+el8+1497+815c365f.noarch.rpm
    MD5: 4c99e557e6998809fe8533961deb0127
    SHA-256: 14bb5704fe27e64a2f1a681a125300c3e4f2a2a46843616a5c1ccbbca8024ab9
    Size: 83.96 kB
  7. atinject-1-28.20100611svn86.module+el8+1497+815c365f.noarch.rpm
    MD5: 12e9d42a4e9fc972d151a77a7beb7c57
    SHA-256: 9dc93fcb7c7bd826a6a65973a8c213c98894d784d5a3324d237dfd3b54b2b96f
    Size: 18.92 kB
  8. cdi-api-1.2-8.module+el8+1497+815c365f.noarch.rpm
    MD5: d0ee824fc4c37cb0a0f9a0f2acb72e6e
    SHA-256: 819099411fa3d4ad46eec09ab697f5a746c02197f46add5795e4ce3ef72b650d
    Size: 68.48 kB
  9. geronimo-annotation-1.0-23.module+el8+1497+815c365f.noarch.rpm
    MD5: cbcdf850b5c9020d41dfb8e95ff9f0be
    SHA-256: a8c953a605adfad445bddc3dae70e7f1f613664c2964c85ce07434e04dbac6ab
    Size: 24.03 kB
  10. glassfish-el-api-3.0.1-0.7.b08.module+el8+1497+815c365f.noarch.rpm
    MD5: 351512c7dc2252853bc90f369112860c
    SHA-256: 5f55c5c6d7477a65f747ef94c77fa288b856c4a6d9239e91a61cc4ff291b3c4a
    Size: 103.80 kB
  11. google-guice-4.1-11.module+el8+1497+815c365f.noarch.rpm
    MD5: 7db7e67afb346c1cbc35303fa8524669
    SHA-256: 631888e40865c71c25b5fd7f964526294a34a5e1cb190f32c0d61f2b7ea75121
    Size: 469.49 kB
  12. guava20-20.0-8.module+el8+1497+815c365f.noarch.rpm
    MD5: 8618294793a3c053c9898021cfaf46cc
    SHA-256: 97eeaad497ca6f4ae8a9c3e99a22c0dc7fe67a662e4fbe727958ce7a0d9e9f0d
    Size: 2.06 MB
  13. hawtjni-runtime-1.16-2.module+el8+1497+815c365f.noarch.rpm
    MD5: 4b510042dd78ef89f2bef2346158c60d
    SHA-256: b45adf76f9c21a0e003b9b9c7095be220d13caa1322fbe82169da77102ce8783
    Size: 41.79 kB
  14. httpcomponents-client-4.5.5-5.module+el8+1497+815c365f.noarch.rpm
    MD5: 53d44f3b35db9120d2cca10266bc11bc
    SHA-256: 4b7ce3e9c0abbf119e9b00be11b8693a0b0af2d6fbb92942df73eb12e80429ed
    Size: 716.75 kB
  15. httpcomponents-core-4.4.10-3.module+el8+1497+815c365f.noarch.rpm
    MD5: 7f3922e4d0d1cd1ed591916719d08da2
    SHA-256: 6bb177da4eb8c4b6d9649eaec1d5b3516a62f7454849f34f6eadea3b637c859d
    Size: 636.17 kB
  16. jansi-native-1.7-7.0.0.1.module+el8+1497+815c365f.x86_64.rpm
    MD5: a1e259cf9c037704b6609a2342f12652
    SHA-256: 702add6138d3239c4838170c306baa0191ec0a4451b191f66a1e14971f511f2f
    Size: 73.78 kB
  17. jansi-1.17.1-1.module+el8+1497+815c365f.noarch.rpm
    MD5: a65b5a1b23786dbc818c3eaea3e11cd7
    SHA-256: 8b20e9ddc0b6ae26d2dc7728cc8e58a6fdee90b4f91719604806ca29c608d871
    Size: 77.66 kB
  18. jboss-interceptors-1.2-api-1.0.0-8.module+el8+1497+815c365f.noarch.rpm
    MD5: c34e86e14b2491f900e0c688325b4487
    SHA-256: 81ee3764c1f4f915e97c8fe372dca064f0543897ecff196e3d7e83d3471cbece
    Size: 31.97 kB
  19. jsoup-1.11.3-3.module+el8+1497+815c365f.noarch.rpm
    MD5: 13e25ea0c6c5068422fc587bd957fc63
    SHA-256: 5a64de52a200c55a1b4fef55f7ce39ca35584772eecbdab04bae4a5c5d368d42
    Size: 384.93 kB
  20. maven-resolver-api-1.1.1-2.module+el8+1497+815c365f.noarch.rpm
    MD5: 3e572c02e4e39e0e7ff431357b7b7884
    SHA-256: af388d6475bb52aa9242193b42cae42d70012eace5f90e9a279bf06b3efddec4
    Size: 136.92 kB
  21. maven-resolver-connector-basic-1.1.1-2.module+el8+1497+815c365f.noarch.rpm
    MD5: 7f223c8331a39c3122a902ef19f9c1db
    SHA-256: cc1d60b1e967b5b6bfed78bf03f66172b042fdabfdedab9e0e3f03a3b8fd7753
    Size: 49.40 kB
  22. maven-resolver-impl-1.1.1-2.module+el8+1497+815c365f.noarch.rpm
    MD5: 8410da3086662c8e63d060087bb08188
    SHA-256: 84a0e5a2ee49f4fbaa1fa48cc84bdc5cfd6742d63f024641989a474d1dc27df8
    Size: 175.75 kB
  23. maven-resolver-spi-1.1.1-2.module+el8+1497+815c365f.noarch.rpm
    MD5: bc85f7b76d4b9dff0f8cfd2473d12a0b
    SHA-256: 4ed7f9715791bf9ad7ea3814827e1aacddd821e2f97e052b619b820da9ea4f8e
    Size: 39.15 kB
  24. maven-resolver-transport-wagon-1.1.1-2.module+el8+1497+815c365f.noarch.rpm
    MD5: 700d555f6b68785e8971d5d478b69c38
    SHA-256: 8e33eb2a952b84dee8a4842db574fe43dd25929bb0ebb82e28b7196e61cc0d2b
    Size: 37.92 kB
  25. maven-resolver-util-1.1.1-2.module+el8+1497+815c365f.noarch.rpm
    MD5: e691eac3f14fdf391f257ae5abeb8558
    SHA-256: d9997d0347793c5f3bb524bd98fc91f23c852d321dc43727c01de5f0b7165acd
    Size: 146.87 kB
  26. maven-shared-utils-3.2.1-0.2.module+el8+1497+815c365f.noarch.rpm
    MD5: ee3f7f8cc207f7b170260cb14979b429
    SHA-256: fd12f0dfe42277d0881c74ef33e14042afc53ef822011b88e6f45887f9216a41
    Size: 163.98 kB
  27. maven-3.5.4-5.module+el8+1497+815c365f.noarch.rpm
    MD5: 6c270937e25013cfa5b53359d61d2615
    SHA-256: 6433c75845fd014512cfb18b6846347becff0a8fe4b8b9409fd6d65693296f60
    Size: 25.97 kB
  28. maven-lib-3.5.4-5.module+el8+1497+815c365f.noarch.rpm
    MD5: aaafa9af6222ec23bd53a5d3e4ad2983
    SHA-256: 91b1fe386afcfa9b74c908a49feb9ddf3bd449e3002c3e5bbab874ec597d42de
    Size: 1.43 MB
  29. maven-wagon-file-3.1.0-1.module+el8+1497+815c365f.noarch.rpm
    MD5: 2c3f48f78a627e802f2c6b3f5a723fc7
    SHA-256: 67e97fbfe1ee551e5e54ba8e8caddae519e13bca9cc955eafb21ad2264ec64b0
    Size: 24.91 kB
  30. maven-wagon-http-3.1.0-1.module+el8+1497+815c365f.noarch.rpm
    MD5: a04543442165ce5603990cd045bc450d
    SHA-256: 858f56cf1895390145637d09f0be1b4990d6cf5dadd197ca3c102131e15040be
    Size: 25.60 kB
  31. maven-wagon-http-shared-3.1.0-1.module+el8+1497+815c365f.noarch.rpm
    MD5: 364d5b9dea21f5755515f33cf7df468a
    SHA-256: ebebd9cf5ae00de6e70cb84dd5898983e91d5131df348cd6e60a79488f8004be
    Size: 47.94 kB
  32. maven-wagon-provider-api-3.1.0-1.module+el8+1497+815c365f.noarch.rpm
    MD5: aba12792aa9a3296774a6374e8dc39b1
    SHA-256: 9a7fcc83cf5343a758625258019454e57dc4260b250ec87fd5f4af7546e9bf24
    Size: 62.00 kB
  33. plexus-cipher-1.7-14.module+el8+1497+815c365f.noarch.rpm
    MD5: f15709eb8cbe732cece0e18252b105e3
    SHA-256: bebad1721beca4f0a9b88549b0997d08f925712456fd3f14e0e8547cc82a3c0e
    Size: 27.56 kB
  34. plexus-classworlds-2.5.2-9.module+el8+1497+815c365f.noarch.rpm
    MD5: 782cae8fef4da2cd9464af4fedc16d1a
    SHA-256: f2531064e4c54eef4157fd7116ab84cd4a85fa7e60f96bbae57d2f5c6b3c93b5
    Size: 63.69 kB
  35. plexus-containers-component-annotations-1.7.1-8.module+el8+1497+815c365f.noarch.rpm
    MD5: 900d6e39df05c31c8ae63a5b7b51317c
    SHA-256: 849dbea01bd32c582723926c4b6c27451538c230fb72990938681b9d2d1667f8
    Size: 22.49 kB
  36. plexus-interpolation-1.22-9.module+el8+1497+815c365f.noarch.rpm
    MD5: 39dc8877fcf6aec2be196a502a5b897e
    SHA-256: 51c3450f1e163d121291a136f427ef689287ecc93ca51aa90df10444b9b982bd
    Size: 77.61 kB
  37. plexus-sec-dispatcher-1.4-26.module+el8+1497+815c365f.noarch.rpm
    MD5: 55777a40f396dc9e30595ae11a2dc527
    SHA-256: fcb4f0726df5c5d3216daa63a91f705677f892667ff2dc7f70492dd241a15aac
    Size: 35.33 kB
  38. plexus-utils-3.1.0-3.module+el8+1497+815c365f.noarch.rpm
    MD5: 3dd4a03cf06ab668e0f9d2d494bdbf2a
    SHA-256: 082b11c859ff5bfb61a7e7fb71ec2d98112ef1ef27403b31a1fb0d83af5d7b1b
    Size: 257.70 kB
  39. sisu-inject-0.3.3-6.module+el8+1497+815c365f.noarch.rpm
    MD5: c3e0db2edbc3b49d97b9dcdf4146f78a
    SHA-256: 8310469446ad583925b191869b90ea5b57e6ec24765ff72d1a621b9c4e11f9cd
    Size: 337.45 kB
  40. sisu-plexus-0.3.3-6.module+el8+1497+815c365f.noarch.rpm
    MD5: c54e97a0ccb6296ee9751aa70a3ca460
    SHA-256: 7fb3be8a76fa9ffa2456e1dab9994c9cdb179297a7c0b6b5e204ac3fd1cc7ade
    Size: 178.77 kB
  41. jcl-over-slf4j-1.7.25-4.module+el8+1497+815c365f.noarch.rpm
    MD5: e06310fa47c9e61f4b0aa387be5c0eae
    SHA-256: 985d84bf7be4dcf67910e3443215d40597d585cb3d05e7c8d9c68458e34f9f16
    Size: 30.43 kB
  42. slf4j-1.7.25-4.module+el8+1497+815c365f.noarch.rpm
    MD5: 4ea6e25631c1937dee86aae0dae838f7
    SHA-256: 8e99b97cb27d6936c5bc625379046cb3b06b84d2c52d709cc6145e273cba61d1
    Size: 75.59 kB