SUSE-SU-2026:1396-1

Details

This update for plexus-utils fixes the following issue:

Security fixes:

CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand (bsc#1260588).

Update to version 4.0.2:

Bug Fixes

Specify /D for cmd.exe to bypass the Command Processor Autorun folder

Dependency updates

Bump org.codehaus.plexus:plexus from 17 to 18
Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1

Affected Packages

plexus-utils

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Module for Development Tools 15 SP7

Fixed in:

4.0.2-150200.3.14.1

plexus-utils-javadoc

openSUSE Leap 15.6

Fixed in:

4.0.2-150200.3.14.1

References

REPORT

https://bugzilla.suse.com/1260588

WEB

https://www.suse.com/security/cve/CVE-2025-67030

ADVISORY

https://www.suse.com/support/update/announcement/2026/suse-su-20261396-1/