Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Fedora 40: Critical Type Confusion Vulnerabilities in Maven File Management

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-129d8ca6fc
2024-03-07 22:24:39.963937
--------------------------------------------------------------------------------

Name        : maven-file-management
Product     : Fedora 40
Version     : 3.1.0
Release     : 6.fc40
URL         : https://maven.apache.org/shared/file-management/
Summary     : Maven File Management API
Description :
Provides a component for plugins to easily resolve project dependencies.

--------------------------------------------------------------------------------
Update Information:

Change for system JDK from 17 to 21.
upstream security release 122.0.6261.94
High CVE-2024-1938: Type Confusion in V8
High CVE-2024-1939: Type Confusion in V8
fixed bug with requires
Automatic update for lucene-9.9.2-1.fc40.
bump java source/target to 1.8, fixes 2266639
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 2 2024 Jiri Vanek - 1:3.1.0-6
- Rebuilt for java-21-openjdk as system jdk
* Tue Feb 20 2024 Marian Koncek - 1:3.1.0-5
- Update Java source/target to 1.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2123726 - consoleImageViewer crashes at start
        https://bugzilla.redhat.com/show_bug.cgi?id=2123726
  [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40
        https://bugzilla.redhat.com/show_bug.cgi?id=2261062
  [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk
        https://bugzilla.redhat.com/show_bug.cgi?id=2266639
  [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2266934
  [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2266937
  [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta
        https://bugzilla.redhat.com/show_bug.cgi?id=2267486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 40 has rolled out a patch for maven-file-management that tackles serious type confusion vulnerabilities in V8, while also adjusting the system JDK.

Fedora Update, maven-file-management, security release, type confusion, Java 21

Severity: Critical

LinuxSecurity.com Team

Mar 07, 2024 Critical Fedora

Fedora: 2024-129d8ca6fc High Severity: V8 Type Confusion Issue

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-129d8ca6fc
2024-03-07 22:24:39.963937
--------------------------------------------------------------------------------

Name        : maven-dependency-tree
Product     : Fedora 40
Version     : 3.2.1
Release     : 6.fc40
URL         : https://maven.apache.org/
Summary     : Maven dependency tree artifact
Description :
Apache Maven dependency tree artifact. Originally part of maven-shared.

--------------------------------------------------------------------------------
Update Information:

Change for system JDK from 17 to 21.
upstream security release 122.0.6261.94
High CVE-2024-1938: Type Confusion in V8
High CVE-2024-1939: Type Confusion in V8
fixed bug with requires
Automatic update for lucene-9.9.2-1.fc40.
bump java source/target to 1.8, fixes 2266639
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 2 2024 Jiri Vanek - 3.2.1-6
- Rebuilt for java-21-openjdk as system jdk
* Fri Mar 1 2024 Jiri Vanek - 3.2.1-5
- bump of release for java-21-openjdk as system jdk
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2123726 - consoleImageViewer crashes at start
        https://bugzilla.redhat.com/show_bug.cgi?id=2123726
  [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40
        https://bugzilla.redhat.com/show_bug.cgi?id=2261062
  [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk
        https://bugzilla.redhat.com/show_bug.cgi?id=2266639
  [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2266934
  [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2266937
  [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta
        https://bugzilla.redhat.com/show_bug.cgi?id=2267486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Apache Maven dependency tree enhancement on Fedora 40 featuring essential security patches and Java 21 compatibility.

Dependency Management, Security Updates, Maven Project, Fedora Security

LinuxSecurity.com Team

Mar 07, 2024 Fedora

SUSE: 2023:3830-1 Moderate: bci/openjdk-devel File Write Issue

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3830-1
Container Tags        : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.84
Container Release     : 10.84
Severity              : moderate
Type                  : security
References            : 1162112 1216529 CVE-2023-46122
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4527-1
Released:    Wed Nov 22 14:38:50 2023
Summary:     Security update for maven, maven-resolver, sbt, xmvn
Type:        security
Severity:    moderate
References:  1162112,1216529,CVE-2023-46122

This update for maven, maven-resolver, sbt, xmvn fixes the following issues:

- CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt (bsc#1216529).
- Upgraded maven to version 3.9.4
- Upgraded maven-resolver to version 1.9.15.

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.11.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.22.1 updated
- openssl-1_1-1.1.1l-150500.17.22.1 updated
- maven-resolver-api-1.9.15-150200.3.14.2 updated
- maven-resolver-util-1.9.15-150200.3.14.2 updated
- maven-resolver-spi-1.9.15-150200.3.14.2 updated
- maven-resolver-named-locks-1.9.15-150200.3.14.2 updated
- maven-resolver-transport-file-1.9.15-150200.3.14.2 updated
- maven-resolver-connector-basic-1.9.15-150200.3.14.2 updated
- maven-resolver-transport-wagon-1.9.15-150200.3.14.2 updated
- maven-resolver-impl-1.9.15-150200.3.14.2 updated
- maven-resolver-transport-http-1.9.15-150200.3.14.2 updated
- maven-lib-3.9.4-150200.4.18.1 updated
- maven-3.9.4-150200.4.18.1 updated
- container:bci-openjdk-11-15.5.11-11.41 updated

Critical patch released for bci/openjdk-devel addresses vulnerability in file writing permissions. Full disclosure on modifications and enhancements is provided.

SUSE Container Advisory, bci/openjdk-devel, security patch, maven upgrade, file write issue

LinuxSecurity.com Team

Nov 23, 2023 SuSE

SUSE: 2023:4528-2 Moderate: Docker Security Flaw Resolution

# Security update for maven, maven-resolver, sbt, xmvn

Announcement ID: SUSE-SU-2023:4527-1
Rating: moderate

References:

* bsc#1162112
* bsc#1216529

Cross-References:

* CVE-2023-46122

CVSS scores:

* CVE-2023-46122 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
* CVE-2023-46122 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Affected Products:

* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for maven, maven-resolver, sbt, xmvn fixes the following issues:

* CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt (bsc#1216529).
* Upgraded maven to version 3.9.4
* Upgraded maven-resolver to version 1.9.15.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4527=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4527=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4527=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4527=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4527=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4527=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4527=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4527=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4527=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4527=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4527=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4527=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4527=1

## References:

* https://www.suse.com/security/cve/CVE-2023-46122.html
* https://bugzilla.suse.com/show_bug.cgi?id=1162112
* https://bugzilla.suse.com/show_bug.cgi?id=1216529

Critical update for maven and sbt on SUSE and openSUSE addressing arbitrary file write flaws efficiently.

SUSE Update, Maven Security Fix, Development Tools Advisory, sbt Update

Severity: Important

LinuxSecurity.com Team

Nov 22, 2023 Important SuSE

Mageia 8 MGASA-2023-0230 Critical: Maven Non-SSL Reference Advisory

MGASA-2023-0230 - Updated maven packages fix security vulnerability

Publication date: 19 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0230.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-26291

No longer use http (non-SSL) repository references by default.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28924
- https://www.openwall.com/lists/oss-security/2021/04/23/5
- https://ubuntu.com/security/notices/USN-5805-1
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014769.html
- https://www.cve.org/CVERecord?id=CVE-2021-26291

SRPMS:
- 8/core/maven-3.6.3-8.1.mga8

Mageia 2023-0231 tackles security vulnerabilities in the maven packages by refreshing repository links to improve compliance with safety protocols.

Mageia Security, Maven Update, Repository Management, Non-SSL Configuration

Severity: Critical

LinuxSecurity.com Team

Jul 19, 2023 Critical Mageia

SUSE: 2023:1427-1 Important: bci/openjdk-devel Security Update

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1427-1
Container Tags        : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.83 , bci/openjdk-devel:latest
Container Release     : 14.83
Severity              : important
Type                  : security
References            : 1193795 CVE-2021-42550
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2097-1
Released:    Thu May 4 09:11:06 2023
Summary:     Security update for maven and recommended update for antlr3, minlog, sbt, xmvn
Type:        security
Severity:    important
References:  1193795,CVE-2021-42550

This update for antlr3, maven, minlog, sbt, xmvn fixes the following issues:

maven:

- Version update from 3.8.5 to 3.8.6 (jsc#SLE-23217):
  * Security fixes:
    + CVE-2021-42550: Update Version of (optional) Logback (bsc#1193795)
  * Bug fixes:
    + Fix resolver session containing non-MavenWorkspaceReader
    + Fix for multiple maven instances working on same source tree that can lock each other
    + Don't ignore bin/ otherwise bin/ in apache-maven module cannot be added back
    + Fix IllegalStateException in SessionScope during guice injection in multithreaded build
    + Revert MNG-7347 (SessionScoped beans should be singletons for a given session)
    + Fix compilation failure with relocated transitive dependency
    + Fix deadlock during forked lifecycle executions
    + Fix issue with resolving dependencies between submodules
  * New features and improvements:
    + Create a multiline message helper for boxed log messages
    + Display a warning when an aggregator mojo is locking other mojo executions
    + Align AssemblyDescriptor NS versions
  * Dependency upgrades:
    + Upgrade SLF4J to 1.7.36
    + Upgrade JUnit to 4.13.2
    + Upgrade Plexus Utils to 3.3.1
- Move mvn.1 from bin to man directory

antlr3:

- Bug fixes in this version update from 3.5.2 to 3.5.3 (jsc#SLE-23217):
  * Change source compatibility to 1.8 and enable github workflows
  * Change Wiki URLs to theantlrguy.atlassian.net in README.txt
  * Add Bazel support
- Remove enforcer plugin as it is not needed in a controlled environment

minlog:

- Bug fixes in this version update from 1.3.0 to 1.3.1 (jsc#SLE-23217):
  * Use currentTimeMillis
  * Use 3-Clause BSD
  * Use Java 7 JDK.

sbt:

- Fix build issues with maven 3.8.6 (jsc#SLE-23217)

xmvn:

- Remove RPM package build dependency on easymock (jsc#SLE-23217)

The following package changes have been done:

- maven-lib-3.8.6-150200.4.9.8 updated
- maven-3.8.6-150200.4.9.8 updated
- container:bci-openjdk-17-15.4.17-13.44 updated

SUSE enhances bci/python3-devel container with crucial security fixes that tackle vulnerabilities in pip and associated modules.

Container Update, Security Patch, bci/openjdk-devel, Maven Update, Important Security Fixes

Severity: Important

LinuxSecurity.com Team

May 05, 2023 Important SuSE

Oracle Linux 8 ELSA-2022-4797 Moderate: Maven Security Advisory

Oracle Linux Security Advisory ELSA-2022-4797

https://linux.oracle.com/errata/ELSA-2022-4797.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aopalliance-1.0-20.module+el8.6.0+20615+edd0bff8.noarch.rpm
apache-commons-cli-1.4-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
apache-commons-codec-1.13-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
apache-commons-io-2.6-6.module+el8.6.0+20615+edd0bff8.noarch.rpm
apache-commons-lang3-3.9-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
atinject-1-31.20100611svn86.module+el8.6.0+20615+edd0bff8.noarch.rpm
cdi-api-2.0.1-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
geronimo-annotation-1.0-26.module+el8.6.0+20615+edd0bff8.noarch.rpm
google-guice-4.2.2-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
guava-28.1-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
httpcomponents-client-4.5.10-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
httpcomponents-core-4.4.12-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
jansi-1.18-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
jcl-over-slf4j-1.7.28-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
jsoup-1.12.1-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
jsr-305-0-0.25.20130910svn.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-lib-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-openjdk11-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-openjdk17-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-openjdk8-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-resolver-1.4.1-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-shared-utils-3.2.1-0.4.module+el8.6.0+20675+b1cf145f.noarch.rpm
maven-wagon-3.3.4-2.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-cipher-1.7-17.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-classworlds-2.6.0-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-containers-component-annotations-2.1.0-2.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-interpolation-1.26-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-sec-dispatcher-1.4-29.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-utils-3.3.0-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
sisu-0.3.4-2.module+el8.6.0+20615+edd0bff8.noarch.rpm
slf4j-1.7.28-3.module+el8.6.0+20615+edd0bff8.noarch.rpm

aarch64:
aopalliance-1.0-20.module+el8.6.0+20615+edd0bff8.noarch.rpm
apache-commons-cli-1.4-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
apache-commons-codec-1.13-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
apache-commons-io-2.6-6.module+el8.6.0+20615+edd0bff8.noarch.rpm
apache-commons-lang3-3.9-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
atinject-1-31.20100611svn86.module+el8.6.0+20615+edd0bff8.noarch.rpm
cdi-api-2.0.1-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
geronimo-annotation-1.0-26.module+el8.6.0+20615+edd0bff8.noarch.rpm
google-guice-4.2.2-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
guava-28.1-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
httpcomponents-client-4.5.10-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
httpcomponents-core-4.4.12-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
jansi-1.18-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
jcl-over-slf4j-1.7.28-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
jsoup-1.12.1-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
jsr-305-0-0.25.20130910svn.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-lib-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-openjdk11-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-openjdk17-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-openjdk8-3.6.2-7.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-resolver-1.4.1-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
maven-shared-utils-3.2.1-0.4.module+el8.6.0+20675+b1cf145f.noarch.rpm
maven-wagon-3.3.4-2.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-cipher-1.7-17.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-classworlds-2.6.0-4.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-containers-component-annotations-2.1.0-2.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-interpolation-1.26-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-sec-dispatcher-1.4-29.module+el8.6.0+20615+edd0bff8.noarch.rpm
plexus-utils-3.3.0-3.module+el8.6.0+20615+edd0bff8.noarch.rpm
sisu-0.3.4-2.module+el8.6.0+20615+edd0bff8.noarch.rpm
slf4j-1.7.28-3.module+el8.6.0+20615+edd0bff8.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/aopalliance-1.0-20.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/apache-commons-cli-1.4-7.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/apache-commons-codec-1.13-3.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/apache-commons-io-2.6-6.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/apache-commons-lang3-3.9-4.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/atinject-1-31.20100611svn86.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/cdi-api-2.0.1-3.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/geronimo-annotation-1.0-26.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/google-guice-4.2.2-4.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/guava-28.1-3.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/httpcomponents-client-4.5.10-4.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/httpcomponents-core-4.4.12-3.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/jansi-1.18-4.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/jsoup-1.12.1-3.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/jsr-305-0-0.25.20130910svn.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/maven-3.6.2-7.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/maven-resolver-1.4.1-3.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/maven-shared-utils-3.2.1-0.4.module+el8.6.0+20675+b1cf145f.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/maven-wagon-3.3.4-2.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/plexus-cipher-1.7-17.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/plexus-classworlds-2.6.0-4.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/plexus-containers-2.1.0-2.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/plexus-interpolation-1.26-3.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/plexus-sec-dispatcher-1.4-29.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/plexus-utils-3.3.0-3.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/sisu-0.3.4-2.module+el8.6.0+20615+edd0bff8.src.rpm
https://oss.oracle.com:443/ol8/SRPMS-updates/slf4j-1.7.28-3.module+el8.6.0+20615+edd0bff8.src.rpm

Related CVEs:
CVE-2022-29599

Description of changes:

maven-shared-utils
[3.2.1-0.4]
- Build with OpenJDK 8

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle Linux Security Advisory ELSA-2022-4798 encompasses crucial enhancements for git and associated packages. Refer to the specifics.

Oracle Linux Update, Maven Security Patch, RPM Security Advisory, Important Linux Errata.

Severity: Important.

LinuxSecurity.com Team

Jun 02, 2022 Important Oracle

Red Hat Enterprise Linux 8 RHSA-2022-1860 Moderate: Maven 3.6 Security Fix

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: maven:3.6 security and enhancement update
Advisory ID: RHSA-2022:1860-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1860
Issue date: 2022-05-10
CVE Names: CVE-2020-13956
====================================================================

1. Summary:

An update for the maven:3.6 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - noarch

3. Description:

Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.

Security Fix(es):

* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs
1991521 - maven dependencies will need to be satisfiable by openjdk17 in RHEL 8

6. Package List:

Red Hat Enterprise Linux AppStream (v.8):

Source:
aopalliance-1.0-20.module+el8.6.0+13337+afcb49ec.src.rpm
apache-commons-cli-1.4-7.module+el8.6.0+13337+afcb49ec.src.rpm
apache-commons-codec-1.13-3.module+el8.6.0+13337+afcb49ec.src.rpm
apache-commons-io-2.6-6.module+el8.6.0+13337+afcb49ec.src.rpm
apache-commons-lang3-3.9-4.module+el8.6.0+13337+afcb49ec.src.rpm
atinject-1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src.rpm
cdi-api-2.0.1-3.module+el8.6.0+13337+afcb49ec.src.rpm
geronimo-annotation-1.0-26.module+el8.6.0+13337+afcb49ec.src.rpm
google-guice-4.2.2-4.module+el8.6.0+13337+afcb49ec.src.rpm
guava-28.1-3.module+el8.6.0+13337+afcb49ec.src.rpm
httpcomponents-client-4.5.10-4.module+el8.6.0+13337+afcb49ec.src.rpm
httpcomponents-core-4.4.12-3.module+el8.6.0+13337+afcb49ec.src.rpm
jansi-1.18-4.module+el8.6.0+13337+afcb49ec.src.rpm
jsoup-1.12.1-3.module+el8.6.0+13337+afcb49ec.src.rpm
jsr-305-0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src.rpm
maven-3.6.2-7.module+el8.6.0+13337+afcb49ec.src.rpm
maven-resolver-1.4.1-3.module+el8.6.0+13337+afcb49ec.src.rpm
maven-shared-utils-3.2.1-0.4.module+el8.6.0+13337+afcb49ec.src.rpm
maven-wagon-3.3.4-2.module+el8.6.0+13337+afcb49ec.src.rpm
plexus-cipher-1.7-17.module+el8.6.0+13337+afcb49ec.src.rpm
plexus-classworlds-2.6.0-4.module+el8.6.0+13337+afcb49ec.src.rpm
plexus-containers-2.1.0-2.module+el8.6.0+13337+afcb49ec.src.rpm
plexus-interpolation-1.26-3.module+el8.6.0+13337+afcb49ec.src.rpm
plexus-sec-dispatcher-1.4-29.module+el8.6.0+13337+afcb49ec.src.rpm
plexus-utils-3.3.0-3.module+el8.6.0+13337+afcb49ec.src.rpm
sisu-0.3.4-2.module+el8.6.0+13337+afcb49ec.src.rpm
slf4j-1.7.28-3.module+el8.6.0+13337+afcb49ec.src.rpm

noarch:
aopalliance-1.0-20.module+el8.6.0+13337+afcb49ec.noarch.rpm
apache-commons-cli-1.4-7.module+el8.6.0+13337+afcb49ec.noarch.rpm
apache-commons-codec-1.13-3.module+el8.6.0+13337+afcb49ec.noarch.rpm
apache-commons-io-2.6-6.module+el8.6.0+13337+afcb49ec.noarch.rpm
apache-commons-lang3-3.9-4.module+el8.6.0+13337+afcb49ec.noarch.rpm
atinject-1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch.rpm
cdi-api-2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch.rpm
geronimo-annotation-1.0-26.module+el8.6.0+13337+afcb49ec.noarch.rpm
google-guice-4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch.rpm
guava-28.1-3.module+el8.6.0+13337+afcb49ec.noarch.rpm
httpcomponents-client-4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch.rpm
httpcomponents-core-4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch.rpm
jansi-1.18-4.module+el8.6.0+13337+afcb49ec.noarch.rpm
jcl-over-slf4j-1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch.rpm
jsoup-1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch.rpm
jsr-305-0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch.rpm
maven-3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch.rpm
maven-lib-3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch.rpm
maven-openjdk11-3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch.rpm
maven-openjdk17-3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch.rpm
maven-openjdk8-3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch.rpm
maven-resolver-1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch.rpm
maven-shared-utils-3.2.1-0.4.module+el8.6.0+13337+afcb49ec.noarch.rpm
maven-wagon-3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch.rpm
plexus-cipher-1.7-17.module+el8.6.0+13337+afcb49ec.noarch.rpm
plexus-classworlds-2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch.rpm
plexus-containers-component-annotations-2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch.rpm
plexus-interpolation-1.26-3.module+el8.6.0+13337+afcb49ec.noarch.rpm
plexus-sec-dispatcher-1.4-29.module+el8.6.0+13337+afcb49ec.noarch.rpm
plexus-utils-3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch.rpm
sisu-0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch.rpm
slf4j-1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-13956
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list

Maven version 3.6 module on Red Hat Enterprise Linux has undergone updates featuring moderate risk security improvements aimed at bolstering system security.

Red Hat Security, Maven Update, Enterprise Linux, Software Fix, Security Enhancements.

LinuxSecurity.com Team

May 10, 2022 Red Hat