[ALSA-2026:38514] Important: plexus-utils security update
Type:
security
Severity:
important
Release date:
2026-07-14
Description:
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an application server which is like a J2EE application server, without all the baggage. Security Fix(es): * org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method (CVE-2025-67030) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
noarch plexus-utils-javadoc-3.5.1-9.el10_2.noarch.rpm 046d045fce643909feecc9e8b368b5978198541c747268014c772e7983fa2b97
noarch plexus-utils-3.5.1-9.el10_2.noarch.rpm 0e05d395f8b55a153026dfa3c8010ad4245d0439c34d80e42db758da41ab8738
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.