
Ubuntu: 22.04 Critical Advisory: Apache Maven Shell Injection Risk

April 11, 2024
Upgrade system libraries to resolve a maven-shared-utils vulnerability that exposes Ubuntu systems to shell injection.

Summary

maven-shared-utils could be made to run programs if it received
specially crafted input.

Software Description:

- maven-shared-utils: A collection of Maven utility classes.

Details:

It was discovered that Apache Maven Shared Utils did not handle double-quoted
strings properly, allowing shell injection attacks. This could allow an
attacker to run arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  libmaven-shared-utils-java      3.3.0-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  libmaven-shared-utils-java      3.3.0-1ubuntu0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libmaven-shared-utils-java      3.3.0-1ubuntu0.18.04.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libmaven-shared-utils-java      0.9-1ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libmaven-shared-utils-java      0.4-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6730-1

CVE-2022-29599

Severity

Critical

