RHSA-2022:1860: Moderate: maven:3.6 security and enhancement update
Published May 10, 2022
·Updated
Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.Security Fix(es): apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
Affected Software
59 affected componentsFixes available
redhat/aopalliance<1.0-20.module+el8.6.0+13337+afcb49ec
1.0-20.module+el8.6.0+13337+afcb49ec
redhat/apache-commons-cli<1.4-7.module+el8.6.0+13337+afcb49ec
1.4-7.module+el8.6.0+13337+afcb49ec
redhat/apache-commons-codec<1.13-3.module+el8.6.0+13337+afcb49ec
1.13-3.module+el8.6.0+13337+afcb49ec
redhat/apache-commons-io<2.6-6.module+el8.6.0+13337+afcb49ec
2.6-6.module+el8.6.0+13337+afcb49ec
redhat/apache-commons-lang3<3.9-4.module+el8.6.0+13337+afcb49ec
3.9-4.module+el8.6.0+13337+afcb49ec
redhat/atinject<1-31.20100611svn86.module+el8.6.0+13337+afcb49ec
1-31.20100611svn86.module+el8.6.0+13337+afcb49ec
redhat/cdi-api<2.0.1-3.module+el8.6.0+13337+afcb49ec
2.0.1-3.module+el8.6.0+13337+afcb49ec
redhat/geronimo-annotation<1.0-26.module+el8.6.0+13337+afcb49ec
1.0-26.module+el8.6.0+13337+afcb49ec
redhat/google-guice<4.2.2-4.module+el8.6.0+13337+afcb49ec
4.2.2-4.module+el8.6.0+13337+afcb49ec
redhat/guava<28.1-3.module+el8.6.0+13337+afcb49ec
28.1-3.module+el8.6.0+13337+afcb49ec
redhat/httpcomponents-client<4.5.10-4.module+el8.6.0+13337+afcb49ec
4.5.10-4.module+el8.6.0+13337+afcb49ec
redhat/httpcomponents-core<4.4.12-3.module+el8.6.0+13337+afcb49ec
4.4.12-3.module+el8.6.0+13337+afcb49ec
redhat/jansi<1.18-4.module+el8.6.0+13337+afcb49ec
1.18-4.module+el8.6.0+13337+afcb49ec
redhat/jsoup<1.12.1-3.module+el8.6.0+13337+afcb49ec
1.12.1-3.module+el8.6.0+13337+afcb49ec
redhat/jsr<305-0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec
305-0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec
redhat/maven<3.6.2-7.module+el8.6.0+13337+afcb49ec
3.6.2-7.module+el8.6.0+13337+afcb49ec
redhat/maven-resolver<1.4.1-3.module+el8.6.0+13337+afcb49ec
1.4.1-3.module+el8.6.0+13337+afcb49ec
redhat/maven-shared-utils<3.2.1-0.4.module+el8.6.0+13337+afcb49ec
3.2.1-0.4.module+el8.6.0+13337+afcb49ec
redhat/maven-wagon<3.3.4-2.module+el8.6.0+13337+afcb49ec
3.3.4-2.module+el8.6.0+13337+afcb49ec
redhat/plexus-cipher<1.7-17.module+el8.6.0+13337+afcb49ec
1.7-17.module+el8.6.0+13337+afcb49ec
redhat/plexus-classworlds<2.6.0-4.module+el8.6.0+13337+afcb49ec
2.6.0-4.module+el8.6.0+13337+afcb49ec
redhat/plexus-containers<2.1.0-2.module+el8.6.0+13337+afcb49ec
2.1.0-2.module+el8.6.0+13337+afcb49ec
redhat/plexus-interpolation<1.26-3.module+el8.6.0+13337+afcb49ec
1.26-3.module+el8.6.0+13337+afcb49ec
redhat/plexus-sec-dispatcher<1.4-29.module+el8.6.0+13337+afcb49ec
1.4-29.module+el8.6.0+13337+afcb49ec
redhat/plexus-utils<3.3.0-3.module+el8.6.0+13337+afcb49ec
3.3.0-3.module+el8.6.0+13337+afcb49ec
redhat/sisu<0.3.4-2.module+el8.6.0+13337+afcb49ec
0.3.4-2.module+el8.6.0+13337+afcb49ec
redhat/slf4j<1.7.28-3.module+el8.6.0+13337+afcb49ec
1.7.28-3.module+el8.6.0+13337+afcb49ec
redhat/aopalliance<1.0-20.module+el8.6.0+13337+afcb49ec
1.0-20.module+el8.6.0+13337+afcb49ec
redhat/apache-commons-cli<1.4-7.module+el8.6.0+13337+afcb49ec
1.4-7.module+el8.6.0+13337+afcb49ec
redhat/apache-commons-codec<1.13-3.module+el8.6.0+13337+afcb49ec
1.13-3.module+el8.6.0+13337+afcb49ec
redhat/apache-commons-io<2.6-6.module+el8.6.0+13337+afcb49ec
2.6-6.module+el8.6.0+13337+afcb49ec
redhat/apache-commons-lang3<3.9-4.module+el8.6.0+13337+afcb49ec
3.9-4.module+el8.6.0+13337+afcb49ec
redhat/atinject<1-31.20100611svn86.module+el8.6.0+13337+afcb49ec
1-31.20100611svn86.module+el8.6.0+13337+afcb49ec
redhat/cdi-api<2.0.1-3.module+el8.6.0+13337+afcb49ec
2.0.1-3.module+el8.6.0+13337+afcb49ec
redhat/geronimo-annotation<1.0-26.module+el8.6.0+13337+afcb49ec
1.0-26.module+el8.6.0+13337+afcb49ec
redhat/google-guice<4.2.2-4.module+el8.6.0+13337+afcb49ec
4.2.2-4.module+el8.6.0+13337+afcb49ec
redhat/guava<28.1-3.module+el8.6.0+13337+afcb49ec
28.1-3.module+el8.6.0+13337+afcb49ec
redhat/httpcomponents-client<4.5.10-4.module+el8.6.0+13337+afcb49ec
4.5.10-4.module+el8.6.0+13337+afcb49ec
redhat/httpcomponents-core<4.4.12-3.module+el8.6.0+13337+afcb49ec
4.4.12-3.module+el8.6.0+13337+afcb49ec
redhat/jansi<1.18-4.module+el8.6.0+13337+afcb49ec
1.18-4.module+el8.6.0+13337+afcb49ec
redhat/jcl-over-slf4j<1.7.28-3.module+el8.6.0+13337+afcb49ec
1.7.28-3.module+el8.6.0+13337+afcb49ec
redhat/jsoup<1.12.1-3.module+el8.6.0+13337+afcb49ec
1.12.1-3.module+el8.6.0+13337+afcb49ec
redhat/jsr<305-0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec
305-0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec
redhat/maven<3.6.2-7.module+el8.6.0+13337+afcb49ec
3.6.2-7.module+el8.6.0+13337+afcb49ec
redhat/maven-lib<3.6.2-7.module+el8.6.0+13337+afcb49ec
3.6.2-7.module+el8.6.0+13337+afcb49ec
redhat/maven-openjdk11<3.6.2-7.module+el8.6.0+13337+afcb49ec
3.6.2-7.module+el8.6.0+13337+afcb49ec
redhat/maven-openjdk17<3.6.2-7.module+el8.6.0+13337+afcb49ec
3.6.2-7.module+el8.6.0+13337+afcb49ec
redhat/maven-openjdk8<3.6.2-7.module+el8.6.0+13337+afcb49ec
3.6.2-7.module+el8.6.0+13337+afcb49ec
redhat/maven-resolver<1.4.1-3.module+el8.6.0+13337+afcb49ec
1.4.1-3.module+el8.6.0+13337+afcb49ec
redhat/maven-shared-utils<3.2.1-0.4.module+el8.6.0+13337+afcb49ec
3.2.1-0.4.module+el8.6.0+13337+afcb49ec
redhat/maven-wagon<3.3.4-2.module+el8.6.0+13337+afcb49ec
3.3.4-2.module+el8.6.0+13337+afcb49ec
redhat/plexus-cipher<1.7-17.module+el8.6.0+13337+afcb49ec
1.7-17.module+el8.6.0+13337+afcb49ec
redhat/plexus-classworlds<2.6.0-4.module+el8.6.0+13337+afcb49ec
2.6.0-4.module+el8.6.0+13337+afcb49ec
redhat/plexus-containers-component-annotations<2.1.0-2.module+el8.6.0+13337+afcb49ec
2.1.0-2.module+el8.6.0+13337+afcb49ec
redhat/plexus-interpolation<1.26-3.module+el8.6.0+13337+afcb49ec
1.26-3.module+el8.6.0+13337+afcb49ec
redhat/plexus-sec-dispatcher<1.4-29.module+el8.6.0+13337+afcb49ec
1.4-29.module+el8.6.0+13337+afcb49ec
redhat/plexus-utils<3.3.0-3.module+el8.6.0+13337+afcb49ec
3.3.0-3.module+el8.6.0+13337+afcb49ec
redhat/sisu<0.3.4-2.module+el8.6.0+13337+afcb49ec
0.3.4-2.module+el8.6.0+13337+afcb49ec
redhat/slf4j<1.7.28-3.module+el8.6.0+13337+afcb49ec
1.7.28-3.module+el8.6.0+13337+afcb49ec
Remediation
Event History
Jun 20, 2024
Advisory Published
via Red Hat·01:43 AM
Frequently Asked Questions
1
What is the severity of RHSA-2022:1860?
The severity of RHSA-2022:1860 is classified as High.
2
How do I fix RHSA-2022:1860?
To fix RHSA-2022:1860, update the affected packages to the latest recommended versions provided by Red Hat.
3
What packages are affected by RHSA-2022:1860?
Packages affected by RHSA-2022:1860 include maven, httpcomponents-client, and several apache commons libraries, among others.
4
What vulnerabilities does RHSA-2022:1860 address?
RHSA-2022:1860 addresses vulnerabilities related to the improper handling in apache-httpclient and potential implications on project security.
5
Is RHSA-2022:1860 applicable to certain OS versions?
Yes, RHSA-2022:1860 is applicable to Red Hat Enterprise Linux 8 environments.