maven:3.6 security update
エラータID: AXSA:2022-3738:01
リリース日:
2022/08/26 Friday - 12:04
題名:
maven:3.6 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- maven には、maven-shared-utils のコマンドラインクラスにおける
ダブルクォートで括られた文字列がエスケープせずに出力される問題に
起因して、シェルインジェクション攻撃が可能となる脆弱性があります。
(CVE-2022-29599)
Modularity name: maven
Stream name: 3.6
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
追加情報:
N/A
ダウンロード:
SRPMS
- aopalliance-1.0-20.module+el8+1496+9033cba1.src.rpm
MD5: e9a75ebc5ad43a9e5be3d4be630ed019
SHA-256: c0497e9b0eb40456e4bb88d8904c1ba86d5dad8f5d075493b89dd005a61184c4
Size: 21.86 kB - apache-commons-cli-1.4-7.module+el8+1496+9033cba1.src.rpm
MD5: 506b223028ac0bb6cf2d2c63289bfd3e
SHA-256: 883c0fae73b0cb26601b1de7f3ee020e03d93870de91291072b0ee9f516ff622
Size: 158.15 kB - apache-commons-codec-1.13-3.module+el8+1496+9033cba1.src.rpm
MD5: e37e4e663c8f3d546efaf01dacdd3733
SHA-256: 84ed2fc013780c8f7b5cb1ecdc41509a67d834dd912fbf497ede54eee79c1d8b
Size: 392.04 kB - apache-commons-io-2.6-6.module+el8+1496+9033cba1.src.rpm
MD5: 087df8ef19e5d2f481cfe533cd2e7181
SHA-256: 9aa3355490b1d286dc000da721d83ade35c85c1dfd513eb309cd63f5bfedfcd7
Size: 386.82 kB - apache-commons-lang3-3.9-4.module+el8+1496+9033cba1.src.rpm
MD5: ad4e890d4a4905ff06ce1bfa96eecab6
SHA-256: c83b4534877d8f62788f64648dcf703f885049f7cc804ad0652a20f2136d6bd9
Size: 0.95 MB - atinject-1-31.20100611svn86.module+el8+1496+9033cba1.src.rpm
MD5: 0debd8bb4c287e4d0dd949d2fd285554
SHA-256: f22a3af2727d2c520c4869485417fe73d29b81c52f4fa4c176b3476b2f6f0bf9
Size: 33.80 kB - cdi-api-2.0.1-3.module+el8+1496+9033cba1.src.rpm
MD5: 9acb9af49469ec48a4bfba1acf6a9024
SHA-256: 5dae46a5ccfef0c7270322e0804b8c6d54f57f26ba7926b2b86b705fe4374788
Size: 191.15 kB - geronimo-annotation-1.0-26.module+el8+1496+9033cba1.src.rpm
MD5: 36803b1a44666fdb728c7bbaa215b2fd
SHA-256: 34ac5a64bd35534d208f91c5f822441bf86926defc5289f5b746e63299fcc859
Size: 27.25 kB - google-guice-4.2.2-4.module+el8+1496+9033cba1.src.rpm
MD5: 220e1896b7b22698ddeea8ee998daf11
SHA-256: b87b271c7c091881487aa57d6a22a2325f812944cbba103deac3159622c1e2be
Size: 393.96 kB - guava-28.1-3.module+el8+1496+9033cba1.src.rpm
MD5: 448ed6670a3806817f3fef1d9891dbaf
SHA-256: c019b1a2b172edf073f5c3cb2382bdcdb2d2710c49d8a13295dbde6b41509580
Size: 4.85 MB - httpcomponents-client-4.5.10-4.module+el8+1496+9033cba1.src.rpm
MD5: 2360e1f1c84f353973e4e8cdf259c63a
SHA-256: 0a19b22aa3edcd2ef76bc610a6714e37b88879bcc28c9cb9f1dbc61f8ac076f6
Size: 821.82 kB - httpcomponents-core-4.4.12-3.module+el8+1496+9033cba1.src.rpm
MD5: 203bb604d773157f77e0187dda65097c
SHA-256: 883fea50c356b887df9b231c3a5b2b2166b7aa64a437fc76691e5e38ada5887f
Size: 569.22 kB - jansi-1.18-4.module+el8+1496+9033cba1.src.rpm
MD5: 7af4cdc0312a8bab59bd37b83e5123fd
SHA-256: 7337dde92d81593cb1de11625a8e7bcb6fdf47057db4d033ac8b93dda068e1bd
Size: 280.83 kB - jsoup-1.12.1-3.module+el8+1496+9033cba1.src.rpm
MD5: 5bc29c076768edeee875b4ce000ea9d3
SHA-256: 6a55244bc9cd2dc8282b09bbf3bf8c44b42714e3f421d0ac53897482d57cd7c5
Size: 243.72 kB - jsr-305-0-0.25.20130910svn.module+el8+1496+9033cba1.src.rpm
MD5: 9742a383fa731a37a2e39f293fa90677
SHA-256: 91db3b082649490e9ef596cbb4f975a8f25b8411c729ac2ee62b2eb9fd83ca16
Size: 50.59 kB - maven-resolver-1.4.1-3.module+el8+1496+9033cba1.src.rpm
MD5: 7113923d86a19eaa4a793bdf079985f9
SHA-256: a940d5dcb86bc17090cba618a02719ca650462a56b2a48288e7ddcca0f21ec01
Size: 935.42 kB - maven-shared-utils-3.2.1-0.5.module+el8+1496+9033cba1.src.rpm
MD5: ab061c95f5ef06f72df13405ce60b208
SHA-256: 4b41208d061fd5174ca4d9c91150fb39c3accac9c94b992baf337387cc1c8eb9
Size: 244.84 kB - maven-3.6.2-7.module+el8+1496+9033cba1.src.rpm
MD5: d71680569a45a7138ba6afb64025780f
SHA-256: 0552e7f8ca80413a8e7f104bf34bb75af31c6d3b4778256cbfef22e3125ad373
Size: 2.66 MB - maven-wagon-3.3.4-2.module+el8+1496+9033cba1.src.rpm
MD5: 21a44e3fd2eff7098a029ec5c404b516
SHA-256: f6b3911facee745ca09221d810c93e8a76dc755e107098d4526c4b170e519080
Size: 488.29 kB - plexus-cipher-1.7-17.module+el8+1496+9033cba1.src.rpm
MD5: 77981f24881d79012ebcfa66ea3de8df
SHA-256: 2a7834f8bdb46dbb4f38023b1106f774738598e5ad6f5a5acbbfae276fcbeaaf
Size: 26.66 kB - plexus-classworlds-2.6.0-4.module+el8+1496+9033cba1.src.rpm
MD5: 75f09161042fb537a135e5ae82a3f3f6
SHA-256: ed68025f3220ae714627deee28632baa17247840f700a90dfa2cd40e87d972b1
Size: 70.19 kB - plexus-containers-2.1.0-2.module+el8+1496+9033cba1.src.rpm
MD5: 864ef1a7f17257ede8d6bf0fce00aae0
SHA-256: 605a7cecafa5ec34ad1a2d05b5a24725cf75ddd6c7a81475a434787776240c67
Size: 361.19 kB - plexus-interpolation-1.26-3.module+el8+1496+9033cba1.src.rpm
MD5: cd829b5b6f2396684073e5718373aa41
SHA-256: 4f86558f42db09a600311bf6d9d081fe65e4796893f3c5b598717dc5aa851d1b
Size: 71.48 kB - plexus-sec-dispatcher-1.4-29.module+el8+1496+9033cba1.src.rpm
MD5: 760b427a3573f0e761b11e357119498e
SHA-256: 5ff118d737b39a653051ef1a2327035c5d1d405311d472e323d70f0cc0bc76de
Size: 22.86 kB - plexus-utils-3.3.0-3.module+el8+1496+9033cba1.src.rpm
MD5: f44f162bdc855e4db0583a037992f4d0
SHA-256: e9bec862a9d195b401624383f6228b5d0d2f5cf6d02b76f1df1d5b03697786e8
Size: 441.41 kB - sisu-0.3.4-2.module+el8+1496+9033cba1.src.rpm
MD5: 077dd97b02cda8562d8c05f06144ff8b
SHA-256: 50a08b62cf00bcbf866bd8e1a1ba4d43cb3e93d39a0ad5f0b1b5b45b153205ff
Size: 693.64 kB - slf4j-1.7.28-3.module+el8+1496+9033cba1.src.rpm
MD5: 9cd6fdf1d6fd87ce45284736583c6020
SHA-256: a2dee5032ef8d8fa0de645807de1987753910ad415998f2b29e4077717c43050
Size: 2.17 MB
Asianux Server 8 for x86_64
- aopalliance-1.0-20.module+el8+1496+9033cba1.noarch.rpm
MD5: 07c0a5bdf0f4a0f7eef8043fb1b45d11
SHA-256: cb58d9236544c90e85a790141cde937586ea8572b91476e38c84567f67c4287a
Size: 16.18 kB - apache-commons-cli-1.4-7.module+el8+1496+9033cba1.noarch.rpm
MD5: 5cccbfc2f220c99bf4cb5f9959d79646
SHA-256: 07a00aa991ef20912c69a9462a9e746249673b0fc46428c0a9fb3dd55d048053
Size: 72.93 kB - apache-commons-codec-1.13-3.module+el8+1496+9033cba1.noarch.rpm
MD5: 205d58b0d30f01df4df0e1032a04f1b3
SHA-256: 6cd2b620d1dff92097a386c0768820e59d8250765e11dde0519fe79aff35a32f
Size: 299.46 kB - apache-commons-io-2.6-6.module+el8+1496+9033cba1.noarch.rpm
MD5: c37f42f2586026d772049ae629339025
SHA-256: b1dd24436c35b00f279abf7f5eb5f88f5003bfa6762dbaa2c2544060df0addb1
Size: 222.53 kB - apache-commons-lang3-3.9-4.module+el8+1496+9033cba1.noarch.rpm
MD5: cd69bdeddaeeadb15b1ab5dca21f24d0
SHA-256: 9d34f7912a66d82d96b4c0d40fcc410b8fcc1af91b26e4c38811ed8d6b3418cb
Size: 491.95 kB - atinject-1-31.20100611svn86.module+el8+1496+9033cba1.noarch.rpm
MD5: 33241d86bb743e124bb0f7194a84063b
SHA-256: 9b2752b296978b4843d9834d118c7aa864a8e6da436ff3f14ac8d6b60045f6bf
Size: 19.22 kB - cdi-api-2.0.1-3.module+el8+1496+9033cba1.noarch.rpm
MD5: 88ba1710d2b79b883eef93dd0c109d1a
SHA-256: d9c2d524f4592efe69b4418e38ac9107d02ad6bec5b901fb3df3567114cdeb82
Size: 94.72 kB - geronimo-annotation-1.0-26.module+el8+1496+9033cba1.noarch.rpm
MD5: cafe43e21277a574b0e50b56d97683f8
SHA-256: c47f97f5e0a6c1f871b907a0912bedc7be36c4fcad5d5a747da11aa8c74f385d
Size: 24.29 kB - google-guice-4.2.2-4.module+el8+1496+9033cba1.noarch.rpm
MD5: d41ec1f56d24fcbb8fd1277278a6f70b
SHA-256: 5ba4d973fe83ebf507f2f1a668551e3f412a2d01cbc30d88df11a66cb537e2b9
Size: 549.98 kB - guava-28.1-3.module+el8+1496+9033cba1.noarch.rpm
MD5: 71f24984d0fc1f7e0d5c627f3e55e8f9
SHA-256: 9d60c2cf294b99d1a33660e136a827149881d25cbdd83948bd01ffd56abedd45
Size: 2.30 MB - httpcomponents-client-4.5.10-4.module+el8+1496+9033cba1.noarch.rpm
MD5: cc307f7ad553afcc9b84a78edb2a3964
SHA-256: e3d9c5ab7ab37edb817fae8272cb3abec418f8ae2100aeaa24be3b7f2916f171
Size: 667.75 kB - httpcomponents-core-4.4.12-3.module+el8+1496+9033cba1.noarch.rpm
MD5: f6a5e01681f439f65e2619c2a992fda0
SHA-256: 13263d451f9759e58edce1ea10cb971bb9eac816e9247a482ef83108ac09b461
Size: 641.43 kB - jansi-1.18-4.module+el8+1496+9033cba1.noarch.rpm
MD5: c682eef88790598c7c9b2273f1af5ea8
SHA-256: 92000559e32fc1a2539f1887023783bba9407876ab89724a7cffbe99994458e5
Size: 66.94 kB - jsoup-1.12.1-3.module+el8+1496+9033cba1.noarch.rpm
MD5: eca166deb5d025c87792dc7439582a29
SHA-256: 12f9129c001ed3dd1564468a7ccf2bcf7eb576d005bdff073695fe0c90fe526b
Size: 387.46 kB - jsr-305-0-0.25.20130910svn.module+el8+1496+9033cba1.noarch.rpm
MD5: c626ca3e68fb768aa61cc76678a45149
SHA-256: 89a4335cf5f3a7a001cdbd70e8ee656627885beec62590a3de93b17184696d48
Size: 33.57 kB - maven-resolver-1.4.1-3.module+el8+1496+9033cba1.noarch.rpm
MD5: e8cb2823545284d21415c38a1479d9a1
SHA-256: 397d49ad1ab704a8fdf255c0c24a5f287246431ad1e5eb802632a70334de099c
Size: 519.11 kB - maven-shared-utils-3.2.1-0.5.module+el8+1496+9033cba1.noarch.rpm
MD5: a4a89d5ab025a086cc95a8e2f528a97a
SHA-256: 6a2eb2f9030817468a817ad55b9a9261d0ca44c9275fef1ffc55b335a22cb8ea
Size: 164.01 kB - maven-3.6.2-7.module+el8+1496+9033cba1.noarch.rpm
MD5: 7f248d3fd2caf8e54e762c158badc0f2
SHA-256: cdda4c2cffd7d51a2893c9d1a90581eec2ace066a21f98873ac7da18fa15036c
Size: 32.98 kB - maven-lib-3.6.2-7.module+el8+1496+9033cba1.noarch.rpm
MD5: c1d0053ef76ebc602d8f4fbd7cbbad30
SHA-256: cbc8ae2d4b7c2d64dae9a2790dbea15d1dfea301970fb32b7d256630fb5f80b9
Size: 1.50 MB - maven-openjdk11-3.6.2-7.module+el8+1496+9033cba1.noarch.rpm
MD5: c8b729e6aabff71dbc455f05c59282b3
SHA-256: d08f580bd0999aeddbe8a6393fcb704f36f8d1301a6d0720be45c5360915b3a9
Size: 24.35 kB - maven-openjdk17-3.6.2-7.module+el8+1496+9033cba1.noarch.rpm
MD5: 6dc50e2b13870a3be9b701caf19e0a8f
SHA-256: c58e589b5565970338747832434a258f4b5df28c4976fa1cc3121e7b6da94316
Size: 24.35 kB - maven-openjdk8-3.6.2-7.module+el8+1496+9033cba1.noarch.rpm
MD5: 36ea77e69a60b443fff59b70eb4334a4
SHA-256: 45ef011947721f80d24484fde54b1a43c6e19523d0268c023721c5c1f97f5b94
Size: 24.34 kB - maven-wagon-3.3.4-2.module+el8+1496+9033cba1.noarch.rpm
MD5: 0908d178895fb9efece3fd507b1f9185
SHA-256: 1ea21a094a60c8c5a4b75b704164284b27dd7948ae218b62d9ec6ddc257cc689
Size: 115.85 kB - plexus-cipher-1.7-17.module+el8+1496+9033cba1.noarch.rpm
MD5: 7bc556951da7b190a1d2e419c54b5712
SHA-256: 3dcedde74f9737739b5656310e700aa3e75a284b0c60e26a934a7c9b85a22811
Size: 27.69 kB - plexus-classworlds-2.6.0-4.module+el8+1496+9033cba1.noarch.rpm
MD5: 5b680c55dd3e6babd5ee13fd276d79fb
SHA-256: 18425ce365edd68a3660c7af1f12dac829084d27558621d41ba70cb8d5257a07
Size: 64.27 kB - plexus-containers-component-annotations-2.1.0-2.module+el8+1496+9033cba1.noarch.rpm
MD5: 6b9fab82a120bb39561f26bfc84c7bbb
SHA-256: 1b96807fa5da71b90bea32b3fb68d568bb05a0c556d2cd70cb0f11ed054f501f
Size: 22.89 kB - plexus-interpolation-1.26-3.module+el8+1496+9033cba1.noarch.rpm
MD5: e9be6ccaff6eca2bfac1679a98ef5775
SHA-256: 785752654c60b339194d3a5fb2f985d375c62bf0c4336348107f235bc47c565b
Size: 81.98 kB - plexus-sec-dispatcher-1.4-29.module+el8+1496+9033cba1.noarch.rpm
MD5: 58c4ce93ef1cf036581ef6a21fe4b1ef
SHA-256: 1f27dc892697857588ec01cf8653773e7ffdfc7491da26d9862a5b7059bacfe4
Size: 35.52 kB - plexus-utils-3.3.0-3.module+el8+1496+9033cba1.noarch.rpm
MD5: a6d8725b592cf7b71e5f05c990c41fb1
SHA-256: 6ef01ce10a30cbb5fc7c7ae9ed73700307649dc9f35d12df6e292068ac2c282d
Size: 259.88 kB - sisu-0.3.4-2.module+el8+1496+9033cba1.noarch.rpm
MD5: d81fe7097e2c4858961e086ac1e295fb
SHA-256: 429ef128c3d198000548eee7b433d136774ab64507aab8aceafdff5bb2c3c16b
Size: 520.22 kB - jcl-over-slf4j-1.7.28-3.module+el8+1496+9033cba1.noarch.rpm
MD5: 8c513acd6b4c259280351118f24c5ca5
SHA-256: 82ed6ee3b234c32d03867bae4d4443de9a395f5332fe9c4ea7c6d70aabe5d252
Size: 30.91 kB - slf4j-1.7.28-3.module+el8+1496+9033cba1.noarch.rpm
MD5: 653decb3fc424ab9e04c091b752da863
SHA-256: d6236d44ba9d0b714ef8f2f5e0cc6773248340e6ed424a256f3414f00f8150a2
Size: 76.03 kB
English