maven:3.5 security update

エラータID: AXSA:2022-3572:01

リリース日: 
2022/08/03 Wednesday - 12:13
題名: 
maven:3.5 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- maven には、ライブラリに java.net.URI オブジェクトとして渡された
リクエスト URI に含まれる不正な形式の権威コンポーネントを誤解釈する
欠陥があり、意図しないサーバーでリクエストが実行される脆弱性が
あります。(CVE-2020-13956)

Modularity name: maven
Stream name: 3.5

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. aopalliance-1.0-17.module+el8+1444+6d953fef.src.rpm
    MD5: bf40f14060b3262bcd399945c852b6fd
    SHA-256: 7ded980e1933b1c7d0a5dcf55820e775b42bb0d87fc10be96ca80ed1232b5c2c
    Size: 21.42 kB
  2. apache-commons-cli-1.4-4.module+el8+1444+6d953fef.src.rpm
    MD5: 32226c57a838b29e35a1b5315fc9fd76
    SHA-256: ecf283d1bd5857cb28293cade7d8f306f6f8b8641d899dace6694927d87830c3
    Size: 157.74 kB
  3. apache-commons-codec-1.11-3.module+el8+1444+6d953fef.src.rpm
    MD5: f8d4f04120fa0cdab305d2a1503c1810
    SHA-256: 413933fa783df917667a79f689a14701de5f28540c864aeef84f652a7c01de90
    Size: 378.30 kB
  4. apache-commons-io-2.6-3.module+el8+1444+6d953fef.src.rpm
    MD5: c87156d4b09a4d84657cae3f9c65e6ff
    SHA-256: 3776786a699193ce45220665ba8c8ecf84e8886a422d931360dab244d9cc3277
    Size: 386.45 kB
  5. apache-commons-lang3-3.7-3.module+el8+1444+6d953fef.src.rpm
    MD5: 74370411bc1a92b9d339c8b6f05fe52d
    SHA-256: c0bcf018f73c64c402d974b8f027c253d05e97e0a625ba06bdc4ac09b1e3d4f5
    Size: 854.00 kB
  6. apache-commons-logging-1.2-13.module+el8+1444+6d953fef.src.rpm
    MD5: 01d44f7fa35bb4daf33e5527493e4d67
    SHA-256: 21dfa8ee91a4ca79ba4870509c77af2e0ff0e09fa94908ff8b586e45c6db6836
    Size: 205.26 kB
  7. atinject-1-28.20100611svn86.module+el8+1444+6d953fef.src.rpm
    MD5: b08f9f4a9966ed62d7e9b2fb8247d550
    SHA-256: 3de4a49a64ed6fb4cb76bac75ace1b086dd62f8cfebb0444db4c6c1c3de6867e
    Size: 33.35 kB
  8. cdi-api-1.2-8.module+el8+1444+6d953fef.src.rpm
    MD5: 452e1de25761ee24fdd64c7367a09584
    SHA-256: 551fa0659015b9c4ce317f7e1aaaac3464dacf9f5f637166bf577e52239ef04e
    Size: 143.75 kB
  9. geronimo-annotation-1.0-23.module+el8+1444+6d953fef.src.rpm
    MD5: e8ae140a2703594d0fcc8f4ce31758b8
    SHA-256: cf2ecbce73b90fe91022ef14c17ac36bf8a756ceb4d7e01d45b5c431ca97aeeb
    Size: 26.90 kB
  10. glassfish-el-3.0.1-0.7.b08.module+el8+1444+6d953fef.src.rpm
    MD5: 96c8100a4161e7187f78c6e07ec9f69b
    SHA-256: 9ece5852d58bae8aeb946bc68af518c00ff4b490037cc67b7343c9165d8ec5f0
    Size: 116.05 kB
  11. google-guice-4.1-11.module+el8+1444+6d953fef.src.rpm
    MD5: dfefcd117235caa22f25f331e41fce13
    SHA-256: a9e6231684d07477387b96749231dd1c4a8fcdae21d35d1d092f4f51ce919da7
    Size: 374.58 kB
  12. guava20-20.0-8.module+el8+1444+6d953fef.src.rpm
    MD5: 49f8407597c86bc8ee96469af77854f6
    SHA-256: 30dd1faa6632f5965a06a2a4136ef6a32c26c82c3d5816f3e43ce3163be59640
    Size: 2.31 MB
  13. hawtjni-1.16-2.module+el8+1444+6d953fef.src.rpm
    MD5: 584aabffa5ed9c9665d721ec262b1ae9
    SHA-256: d6065e3fed2e2e1f7a2f5b40fc180cd8c2c3c144ba251edaf7768e921fd443e2
    Size: 1.55 MB
  14. httpcomponents-client-4.5.5-5.module+el8+1444+6d953fef.src.rpm
    MD5: 425ea8d1d62667d4e523936f383032eb
    SHA-256: f9752a0925ecc31c2c645e7e01f84ee5a16cbdfd6a9af182146ed74fc2d71b9e
    Size: 810.26 kB
  15. httpcomponents-core-4.4.10-3.module+el8+1444+6d953fef.src.rpm
    MD5: ad2fd744ba71e8b0fc6c83b06477f16c
    SHA-256: ccd1e45608a9dbe3817b746fe1a118377fcac40ca647c1b4be8dfe089be67b01
    Size: 574.48 kB
  16. jansi-native-1.7-7.module+el8+1444+6d953fef.src.rpm
    MD5: eaf7da60b90f73d238bbbf01c86dc476
    SHA-256: 1fdbd4e0668704600024a8508b4884487a0a11e94669e9277402c80e22ef054c
    Size: 216.08 kB
  17. jansi-1.17.1-1.module+el8+1444+6d953fef.src.rpm
    MD5: 2a4a6af329781979906907309d5b72ff
    SHA-256: 3233e35d236c2cedc3d82ad91fc2cb35c23368c49247a6fa20fb74b086bed821
    Size: 275.16 kB
  18. jboss-interceptors-1.2-api-1.0.0-8.module+el8+1444+6d953fef.src.rpm
    MD5: bd2946799da698c0b959e23e87424b54
    SHA-256: 0f4128901eb1043e931f495fee7edf14b117aa67b2aaaed939f83bbf39719a24
    Size: 21.75 kB
  19. jsoup-1.11.3-3.module+el8+1444+6d953fef.src.rpm
    MD5: 5f75f9ab0c776872ccaaa2c74a52d7f4
    SHA-256: c4fd4c19e345ca2636428b3f4b68500c8d696a912d3e06ceb64b1006b8b9d514
    Size: 240.96 kB
  20. maven-resolver-1.1.1-2.module+el8+1444+6d953fef.src.rpm
    MD5: fadff4d2bf749302c04a1173a9cdbd83
    SHA-256: d7208f92f331008237bc36b136fce5543703f665f11671da3755e4a63ecbdbd2
    Size: 932.99 kB
  21. maven-shared-utils-3.2.1-0.1.module+el8+1444+6d953fef.src.rpm
    MD5: 30bc501b4e031a585acb0da120e170ad
    SHA-256: 26b2066c6248aec0f1d7c7c7da7e8212e971195869145389fba5902a42bb29af
    Size: 240.31 kB
  22. maven-3.5.4-5.module+el8+1444+6d953fef.src.rpm
    MD5: 252acc962e8a56d69d45f176ab6f4d35
    SHA-256: 9b851748f3697b79b988a178d6d7fb8acbe3a5b61e4be9547663c1e68cd2ea84
    Size: 2.59 MB
  23. maven-wagon-3.1.0-1.module+el8+1444+6d953fef.src.rpm
    MD5: f8b85e601b957300c6a2fe1393c81a12
    SHA-256: 748b6cfadcb3b9b7419d1d8b7f7e4336f73c71e494c50e6298162de1ee1d82a0
    Size: 477.84 kB
  24. plexus-cipher-1.7-14.module+el8+1444+6d953fef.src.rpm
    MD5: 79da6f95ba4b457ade3a348cc7db2a62
    SHA-256: 184374378118a1017bb03e64a894a1b4b1210c3a38aae5e4ec0b067dc502dfbe
    Size: 26.28 kB
  25. plexus-classworlds-2.5.2-9.module+el8+1444+6d953fef.src.rpm
    MD5: 139490956ededdb0eca660e304f6cc31
    SHA-256: 06e970b760e19b8ccd76c1c775930044a9385ce5230110ee97c4d8c2c3271c63
    Size: 65.25 kB
  26. plexus-containers-1.7.1-8.module+el8+1444+6d953fef.src.rpm
    MD5: 98f82cacf96c33b374f41db66f2f165f
    SHA-256: 71c4545d3fe6dda06f680ce64b8e704eb24a17af83982f17f1383734c4403310
    Size: 363.75 kB
  27. plexus-interpolation-1.22-9.module+el8+1444+6d953fef.src.rpm
    MD5: e436ab448f8ff85fe2575b99ba944c2e
    SHA-256: 2fcd3aec4a8314f9f2a53de86cae7c0a64812c0090a63a05bdd3392e1b4ff58d
    Size: 66.88 kB
  28. plexus-sec-dispatcher-1.4-26.module+el8+1444+6d953fef.src.rpm
    MD5: 27d09c76cb5b06a7166ad8029bd498d8
    SHA-256: dd86eb0ad2faaa4e5dbd5f627381183c96b9894f49a31513cc60555a1c794450
    Size: 22.51 kB
  29. plexus-utils-3.1.0-3.module+el8+1444+6d953fef.src.rpm
    MD5: 6067edbf30c5957697ae256921c0dba0
    SHA-256: d6797dfd2efebd3826dfb3c68428897f01683daf38d3c5336db5529cbc026899
    Size: 435.90 kB
  30. sisu-0.3.3-6.module+el8+1444+6d953fef.src.rpm
    MD5: 1dd0cbb0afc4f9cb540197ad205c6f1c
    SHA-256: 90908c7fd6daec8ec4df0c440bce86f6289692ea0650e4be5abaf3a29f4a859b
    Size: 589.48 kB
  31. slf4j-1.7.25-4.module+el8+1444+6d953fef.src.rpm
    MD5: c6e8626d2e5a7f971598f863dfc37b7d
    SHA-256: 29a10929cfb6889645fe7deae2b37eae7fb24568e40522ea858db7a3d3507626
    Size: 3.29 MB

Asianux Server 8 for x86_64
  1. aopalliance-1.0-17.module+el8+1444+6d953fef.noarch.rpm
    MD5: 4fe381750333a341c5ac7e971d92cb28
    SHA-256: b5e8e1d83cfc9eed58a9ef99e1cb67a497ce3fe0852873b9cab78a92cf207454
    Size: 15.94 kB
  2. apache-commons-cli-1.4-4.module+el8+1444+6d953fef.noarch.rpm
    MD5: 895cbc1f8be722616b71df889605660d
    SHA-256: 4777e240ef2bed251b9ede415c7b7545c87394027dec78c3357c87d42700b81f
    Size: 72.68 kB
  3. apache-commons-codec-1.11-3.module+el8+1444+6d953fef.noarch.rpm
    MD5: 12dbcb4050592767d231b3622e5b2339
    SHA-256: d72bac9fd8fd3668fc15f837cdb58c6d226e2e9a97cd75092bb3acf3a5f4c40e
    Size: 287.40 kB
  4. apache-commons-io-2.6-3.module+el8+1444+6d953fef.noarch.rpm
    MD5: a30a8782064157ad9bf7dd1292e2c2c4
    SHA-256: d87f1eda76a8194e45c6951451b74d55f1671144effbabc4e5c099ee062aa367
    Size: 222.48 kB
  5. apache-commons-lang3-3.7-3.module+el8+1444+6d953fef.noarch.rpm
    MD5: edb2344c259c2e5ef14d9845c689e95a
    SHA-256: 5f8b82baf503c36daa8da3d67c4a9373d1fb6cb11f4e5cfdfe00dfb23f8e0581
    Size: 481.62 kB
  6. apache-commons-logging-1.2-13.module+el8+1444+6d953fef.noarch.rpm
    MD5: 11d9a5f3dfceed31141a055e85f15f0e
    SHA-256: 1479910c670781f316d1da9bb4cdefc03e75e6b0fda92fd41e3daefb5092140f
    Size: 83.99 kB
  7. atinject-1-28.20100611svn86.module+el8+1444+6d953fef.noarch.rpm
    MD5: 5e8788e006e2fcafd107e560a3e12a5b
    SHA-256: e9babf378350011e684c2c50111dece96685cdcce65d4fb5674f4f33be7c695c
    Size: 18.92 kB
  8. cdi-api-1.2-8.module+el8+1444+6d953fef.noarch.rpm
    MD5: ee19631180dd6dd5bc9c267204803512
    SHA-256: cdbc3823282499080ed6d63c84acaca1869bd7df3daf7f7f73e08335e7d8d902
    Size: 68.45 kB
  9. geronimo-annotation-1.0-23.module+el8+1444+6d953fef.noarch.rpm
    MD5: 2460e3ee52e8d5a77a8556ef636585c3
    SHA-256: de38fe42391e27a9092cb8964c4f9186cd4b9e8ddf7f88afc87054a67db2cb85
    Size: 24.03 kB
  10. glassfish-el-api-3.0.1-0.7.b08.module+el8+1444+6d953fef.noarch.rpm
    MD5: e232851b55caff215238e74a1634cc78
    SHA-256: be0889e60ff5032aef133f30fb72f7151b294789090c716d0ba25d9280bbdd32
    Size: 103.83 kB
  11. google-guice-4.1-11.module+el8+1444+6d953fef.noarch.rpm
    MD5: 4582b581cd3b65eefc6b04926cbfa0e5
    SHA-256: 9961132403a36ca22efeb27eff2cbb2159ea6f10ec379d42964b0e971846fcb9
    Size: 469.31 kB
  12. guava20-20.0-8.module+el8+1444+6d953fef.noarch.rpm
    MD5: 5fbd01f7f06b5bfea92ef469f4566189
    SHA-256: 867b535455671a500c0ee195697a3425ca8540834a06fe31bfe1c674fe6eded7
    Size: 2.06 MB
  13. hawtjni-runtime-1.16-2.module+el8+1444+6d953fef.noarch.rpm
    MD5: da5cc216956633f366f49e12ebab925d
    SHA-256: 2b6d54dd32c968c580cab95435ec5c58016bddb8690de2d0917408b9d7f9952b
    Size: 41.79 kB
  14. httpcomponents-client-4.5.5-5.module+el8+1444+6d953fef.noarch.rpm
    MD5: 21e4fe45869266612d5346ee2c1cc9e3
    SHA-256: ad0b34575c51143644d706ae50fcb0f3a3fe9d9411922b2c8a5290cc16d0726c
    Size: 716.94 kB
  15. httpcomponents-core-4.4.10-3.module+el8+1444+6d953fef.noarch.rpm
    MD5: bee7b86096d87312071a70e858b7731f
    SHA-256: f103e74e1c7ab6263fb79de4c7f6914d9f7d81930497fcbc17b2669357f63bdb
    Size: 636.34 kB
  16. jansi-native-1.7-7.module+el8+1444+6d953fef.x86_64.rpm
    MD5: d8c6069b8827af26872eb846a8a32b65
    SHA-256: 177bdea27c499ec7423692a19c67f29fd10c687cb9feba90a0286aaacafea994
    Size: 73.66 kB
  17. jansi-1.17.1-1.module+el8+1444+6d953fef.noarch.rpm
    MD5: 940d0d52835268e43f22e5ed8b43512f
    SHA-256: 94a37c82cbba8965351a98f3e60578d2ebb4af6646e7f925aad66c7d4639220c
    Size: 77.67 kB
  18. jboss-interceptors-1.2-api-1.0.0-8.module+el8+1444+6d953fef.noarch.rpm
    MD5: 713fc4eae4447560d42d67c7996ff960
    SHA-256: 85c8ea8532d7bbbbb07714907d2dbab8ebbc850b64e8e7e830abcdf30d5ed7ce
    Size: 31.98 kB
  19. jsoup-1.11.3-3.module+el8+1444+6d953fef.noarch.rpm
    MD5: 8580b9b7c287d0ca1e5e0acf516ef330
    SHA-256: b96b5ab270c543cffedb5ae0cb802be5c1bf445f85bd44cbc035b1f85db8376e
    Size: 384.83 kB
  20. maven-resolver-spi-1.1.1-2.module+el8+1444+6d953fef.noarch.rpm
    MD5: 01b267474f691f3252bbff45755d68fc
    SHA-256: 5f3087d4fc81e89d25399da631f3db6cd9a4a6080fea3754dd6d94553e7fa518
    Size: 39.15 kB
  21. maven-resolver-connector-basic-1.1.1-2.module+el8+1444+6d953fef.noarch.rpm
    MD5: 38e0bfc7dc67bc4788567d7b1b57fcd4
    SHA-256: 89c5942ec890bb952d62702ba1186678a481ca9c8ac6464b19c375e1da63bce6
    Size: 49.40 kB
  22. maven-resolver-impl-1.1.1-2.module+el8+1444+6d953fef.noarch.rpm
    MD5: 6c3f3ad76ff90eeb160afd9fc75e34ce
    SHA-256: 036b21a8b87ca7124009150834f19720b14430cf1e229b47507660844eb55949
    Size: 175.73 kB
  23. maven-resolver-api-1.1.1-2.module+el8+1444+6d953fef.noarch.rpm
    MD5: 1d1d389afea0787684ea6007204d411b
    SHA-256: 19b37341fc8d537bb0d2b8824738b6e8a9554f760620d96d512cece7f5f52f40
    Size: 136.91 kB
  24. maven-resolver-transport-wagon-1.1.1-2.module+el8+1444+6d953fef.noarch.rpm
    MD5: 7e1cfddcc5365e53ae3c3bfac0c73f31
    SHA-256: b6af0af9abb7441f6eb6618ba6628c24c859ba0c2a9a1d998dc29eb09a04ff95
    Size: 37.91 kB
  25. maven-resolver-util-1.1.1-2.module+el8+1444+6d953fef.noarch.rpm
    MD5: 1b24eff9f6231c90e0313dadfdb8cb19
    SHA-256: 284ffc6099e89d4dd504c8c362b9abfa9181851bf3ef80ab8f1928afd929956b
    Size: 146.87 kB
  26. maven-shared-utils-3.2.1-0.1.module+el8+1444+6d953fef.noarch.rpm
    MD5: 5dcd86ecdf5806972f0b6d371a9cf6ee
    SHA-256: aa36d696a280ac647edfc211c97402c62330e086f47d150221154a20b1769cbc
    Size: 163.82 kB
  27. maven-lib-3.5.4-5.module+el8+1444+6d953fef.noarch.rpm
    MD5: 0bb46c86f84ab81f7158142f47e85baf
    SHA-256: 00de2d2e120b03111fea3c5ff070c2ada68b8bd760b8b81cbc43fce39bb3329a
    Size: 1.43 MB
  28. maven-3.5.4-5.module+el8+1444+6d953fef.noarch.rpm
    MD5: aed5883c6a462780b24807c615041c90
    SHA-256: 5f7a34c4cd5735cd5e5c84ff92c7bb802f846be5b76314020bb618872dc72e84
    Size: 25.97 kB
  29. maven-wagon-provider-api-3.1.0-1.module+el8+1444+6d953fef.noarch.rpm
    MD5: 2f0f52372f284326deb1ea091b375da8
    SHA-256: 5a0b2f8f858d3bb5901163a8a8facd6e520743c70455d71ea8d3690ce4fa310d
    Size: 61.99 kB
  30. maven-wagon-http-shared-3.1.0-1.module+el8+1444+6d953fef.noarch.rpm
    MD5: 05791240af00e61c03eccaa4716017f0
    SHA-256: f292259d749d0458c30091304be598de2ce443c63cc24f26d39940e5583b4317
    Size: 47.94 kB
  31. maven-wagon-http-3.1.0-1.module+el8+1444+6d953fef.noarch.rpm
    MD5: c726e0ef93acedb5598cee2dc3c34d8f
    SHA-256: caf89178223fe117dccc8b308137e330f80b6b6e1efee37ab19b422bb8f1d501
    Size: 25.60 kB
  32. maven-wagon-file-3.1.0-1.module+el8+1444+6d953fef.noarch.rpm
    MD5: 6de91bd35818c9a9544bf4fc0d8a445e
    SHA-256: 1a4d6d546dab7e380ccbd3f7074ff239bc8bf5c23b236fdae234e7e543d06a31
    Size: 24.90 kB
  33. plexus-cipher-1.7-14.module+el8+1444+6d953fef.noarch.rpm
    MD5: c70d0caff917044e63d2ebfc61e30dcc
    SHA-256: 7c6372a6b0abb9f64b276db215ebb1c93275128b4404595a148a3a5caaa630c7
    Size: 27.56 kB
  34. plexus-classworlds-2.5.2-9.module+el8+1444+6d953fef.noarch.rpm
    MD5: b8bd2c5a4f3c91472130a2c65fdc4c88
    SHA-256: af00b9ae09543d3177b1094f8989f1bd679018997c01d0fd2980b329b1b7bb4c
    Size: 63.69 kB
  35. plexus-containers-component-annotations-1.7.1-8.module+el8+1444+6d953fef.noarch.rpm
    MD5: 5c680ab9ffec387078a8d5acfa335a35
    SHA-256: 76f0b8ff8248e58b41e24b5bee443bae31258de675982897b393e8d255b45767
    Size: 22.50 kB
  36. plexus-interpolation-1.22-9.module+el8+1444+6d953fef.noarch.rpm
    MD5: 00d219edcf25a0382077500fce8b45c3
    SHA-256: a4ea233fba447decd661bd138db460cb024f394a23ff70daff7ff8f8ebfb19cd
    Size: 77.60 kB
  37. plexus-sec-dispatcher-1.4-26.module+el8+1444+6d953fef.noarch.rpm
    MD5: 391887da8709648eb9e1c98e84022b00
    SHA-256: f5f1dce6540f0fe9082a2816603905a94080209cc89220f6a5e715356e3af81b
    Size: 35.33 kB
  38. plexus-utils-3.1.0-3.module+el8+1444+6d953fef.noarch.rpm
    MD5: 649173b84aaf538b10364e57413e85d6
    SHA-256: 02519bf1ba1406ad3267836c99f520891e31e22515c658c4a7ba692cc5ed1216
    Size: 257.75 kB
  39. sisu-inject-0.3.3-6.module+el8+1444+6d953fef.noarch.rpm
    MD5: 8d0e656c480e0e3483b5c48636f027fd
    SHA-256: 9fa77ddf417d8492f7f5c9f4ed8571620da856d1d26302445bc469a18494e66e
    Size: 337.39 kB
  40. sisu-plexus-0.3.3-6.module+el8+1444+6d953fef.noarch.rpm
    MD5: f070d7dc93bbfed87cd08436e363aac8
    SHA-256: 8852af8b8dcc203385a68fc9736f72a0dc32139b3d7d15d898b4b694c6bacb47
    Size: 178.68 kB
  41. jcl-over-slf4j-1.7.25-4.module+el8+1444+6d953fef.noarch.rpm
    MD5: 7f2dfe998485316a9935b7c58e970269
    SHA-256: 00371bbdce53bb126dfa79de972fb4f633d2d79871d53f98e1b99292f738bbca
    Size: 30.42 kB
  42. slf4j-1.7.25-4.module+el8+1444+6d953fef.noarch.rpm
    MD5: e316deaf1f33c3ae2915323723b156b7
    SHA-256: ad4c1ff4bef24bef127f46415c4da00139509c1b699ed49acec93d1bf67a7a40
    Size: 75.54 kB