[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 30 Jan 2016 08:27:10 +0100
From: Claus Ibsen <claus.ibsen@...il.com>
To: "users@...el.apache.org" <users@...el.apache.org>, dev <dev@...el.apache.org>,
oss-security@...ts.openwall.com, bugtraq@...urityfocus.com,
security <security@...che.org>
Subject: CVE-2015-5344 - Apache Camel medium disclosure vulnerability
Apache Camel's XStream usage is vulnerable to Remote Code Execution attacks
Apache Camel's camel-xstream component is vulnerable to Java object
de-serialisation vulnerability.
Such as de-serializing untrusted data can lead to security flaws as
demonstrated in various similar reports about Java de-serialization
issues.
Please study this security vulnerability carefully!
CVE-2015-5344 - [1]
You can download the fixed Apache Camel 2.15.x and 2.16.x version from
the Apache mirrors [2] or from the Central Maven repository.
[1] http://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc?version=1&modificationDate=1454056803464&api=v2
[2] http://camel.apache.org/download
On behalf of the Camel PMC,
Claus Ibsen
--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
