{"id":56231,"date":"2024-04-12T19:29:43","date_gmt":"2024-04-12T15:29:43","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178038\/USN-6730-1.txt"},"modified":"2024-04-12T19:29:43","modified_gmt":"2024-04-12T15:29:43","slug":"ubuntu-security-notice-usn-6730-1","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/ubuntu-security-notice-usn-6730-1\/","title":{"rendered":"Ubuntu Security Notice USN-6730-1"},"content":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;<br \/>Hash: SHA512<\/p>\n<p>==========================================================================<br \/>Ubuntu Security Notice USN-6730-1<br \/>April 11, 2024<\/p>\n<p>maven-shared-utils vulnerability<br \/>==========================================================================<\/p>\n<p>A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n<p>&#8211; &#8211; Ubuntu 22.04 LTS<br \/>&#8211; &#8211; Ubuntu 20.04 LTS<br \/>&#8211; &#8211; Ubuntu 18.04 LTS (Available with Ubuntu Pro)<br \/>&#8211; &#8211; Ubuntu 16.04 LTS (Available with Ubuntu Pro)<br \/>&#8211; &#8211; Ubuntu 14.04 LTS (Available with Ubuntu Pro)<\/p>\n<p>Summary:<\/p>\n<p>maven-shared-utils could be made to run programs if it received<br \/>specially crafted input.<\/p>\n<p>Software Description:<br \/>&#8211; &#8211; maven-shared-utils: A collection of Maven utility classes.<\/p>\n<p>Details:<\/p>\n<p>It was discovered that Apache Maven Shared Utils did not handle double-quoted<br \/>strings properly, allowing shell injection attacks. This could allow an<br \/>attacker to run arbitrary code.<\/p>\n<p>Update instructions:<\/p>\n<p>The problem can be corrected by updating your system to the following<br \/>package versions:<\/p>\n<p>Ubuntu 22.04 LTS:<br \/>libmaven-shared-utils-java 3.3.0-1ubuntu0.22.04.1<\/p>\n<p>Ubuntu 20.04 LTS:<br \/>libmaven-shared-utils-java 3.3.0-1ubuntu0.20.04.1<\/p>\n<p>Ubuntu 18.04 LTS (Available with Ubuntu Pro):<br \/>libmaven-shared-utils-java 3.3.0-1ubuntu0.18.04.1~esm1<\/p>\n<p>Ubuntu 16.04 LTS (Available with Ubuntu Pro):<br \/>libmaven-shared-utils-java 0.9-1ubuntu0.1~esm1<\/p>\n<p>Ubuntu 14.04 LTS (Available with Ubuntu Pro):<br \/>libmaven-shared-utils-java 0.4-1ubuntu0.1~esm1<\/p>\n<p>In general, a standard system update will make all the necessary changes.<\/p>\n<p>References:<br \/>https:\/\/ubuntu.com\/security\/notices\/USN-6730-1<br \/>CVE-2022-29599<\/p>\n<p>Package Information:<br \/>https:\/\/launchpad.net\/ubuntu\/+source\/maven-shared-utils\/3.3.0-1ubuntu0.22.04.1<br \/>https:\/\/launchpad.net\/ubuntu\/+source\/maven-shared-utils\/3.3.0-1ubuntu0.20.04.1<br \/>&#8212;&#8211;BEGIN PGP SIGNATURE&#8212;&#8211;<\/p>\n<p>iQIzBAEBCgAdFiEETB\/nIDy9nvCSgAUj3gXQmO\/Tr3wFAmYYcLwACgkQ3gXQmO\/T<br \/>r3yYcRAAgdreHC0o+VtyTJL\/jorqqs7vKGZv4qC0XhaP69STRNtlSR4rG4I9wRqm<br \/>BOhmBVLJylEtxfAxiWrnag5N04CBR12nr\/Shk+JCm06e\/5ROnu9LYiCoMowORZzy<br \/>Nnlu82qRmCwvnL9iSWzI4wnArDehMVniOCMmWNCfpa6\/UXoh1gVCjikRAWRlBOAv<br \/>uA0KrR0cNwJ90G5wuB59zqxoUPZBf+AVCkjXYSv5WbWTvLrZbz8zhmKvc8kqu1OL<br \/>0D05mwH5kxXuhapZ8kBqapytjP+GmuRjHFI7kk+3yhPul2J0JDcNGO99lOZ2lUfz<br \/>IXk1S\/XQTt2aEhdoanrpI6lVXcVHA0yr5I03bFEDg8D1BwZRm29KBrH2wsHdpN6J<br \/>XWIHfaHR7kYfDVsm9kpc72b7jv\/aDD66vPsI\/W3A\/2QttpwpjwXgZSc2Mtx\/WE+T<br \/>O5\/b0jtpNrwHHYLigE2PYMPaRPjxtxhQ7qnd6FccNQl9+fOrKw9NHBAu0r5s4jlI<br \/>cU9d47W\/mdEcM3y5OuSe8lN6rtHsvnjaQxuuO5lCLKIOpohi7YyyaU5aHGXns34P<br \/>FnImexzC8YxRvbR5ku\/4ZgOAcPv9kC0wMDiC7rggqLGlhsohoca1wXG2TRIsinx5<br \/>fRFjffvqcF6bbfyjWIKKZaM4y1QmhX3+Eth77QEqLb0InJAWDp4=<br \/>=P4zw<br \/>&#8212;&#8211;END PGP SIGNATURE&#8212;&#8211;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;Hash: SHA512 ==========================================================================Ubuntu Security Notice USN-6730-1April 11, 2024 maven-shared-utils vulnerability========================================================================== A security issue affects these releases of Ubuntu and its derivatives: &#8211; &#8211; Ubuntu 22.04 LTS&#8211; &#8211; Ubuntu 20.04 LTS&#8211; &#8211; Ubuntu 18.04 LTS (Available with Ubuntu Pro)&#8211; &#8211; Ubuntu 16.04 LTS (Available with Ubuntu Pro)&#8211; &#8211; Ubuntu 14.04 LTS (Available with &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56231","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56231"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56231\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}