Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 17 Aug 2015 14:29:05 +0200
From: Dejan Bosanac <dejan@...httale.net>
To: "dev@...ivemq.apache.org" <dev@...ivemq.apache.org>, 
	"users@...ivemq.apache.org" <users@...ivemq.apache.org>, 
	Apache Security Response Team <security@...che.org>, oss-security@...ts.openwall.com, 
	bugtraq@...urityfocus.com
Subject: [ANNOUNCE] CVE-2015-1830 - Path traversal leading to unauthenticated
 RCE in ActiveMQ

A security vulnerabilities is reported against Apache ActiveMQ 5.11.1 and
older versions

Please check the following document and see if you’re affected

http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt

Apache ActiveMQ 5.12.0 and 5.11.2 with appropriate fixes are released and
available for upgrade. There's also a configuration workaround that
resolves the problem (described in the announcement).

Regards
--
Dejan Bosanac
about.me/dejanb

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ