[ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities

dejanb
There have been a several security vulnerabilities reported against Apache
ActiveMQ 5.10.0 and older versions.

Please check the following documents and see if you’re affected by them

http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt

Apache ActiveMQ 5.10.1 and 5.11.0 with appropriate fixes are released and
available for upgrade

Regards
--
Dejan Bosanac
----------------------
Red Hat, Inc.
[hidden email]
Twitter: @dejanb
Blog: http://sensatic.net
ActiveMQ in Action: http://www.manning.com/snyder/
Reply | Threaded
Open this post in threaded view
|

Re: [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities

oliverd
Hi Dejan,

could you point to related JIRA items which address these fixes or point to the code, classes which were changed? This would allow for a local downport to older releases?

Regards, Oliver
Reply | Threaded
Open this post in threaded view
|

Re: [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities

dejanb
Hi Oliver,

yes, this is the next step in the process. I’ll send links when it’s done.

Regards
--
Dejan Bosanac
----------------------
Red Hat, Inc.
[hidden email]
Twitter: @dejanb
Blog: http://sensatic.net
ActiveMQ in Action: http://www.manning.com/snyder/

On Thu, Feb 5, 2015 at 3:56 PM, oliverd <[hidden email]> wrote:

> Hi Dejan,
>
> could you point to related JIRA items which address these fixes or point to
> the code, classes which were changed? This would allow for a local downport
> to older releases?
>
> Regards, Oliver
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/ANNOUNCE-CVE-2014-3600-CVE-2014-3612-and-CVE-2014-8110-Apache-ActiveMQ-vulnerabilities-tp4691096p4691103.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
Reply | Threaded
Open this post in threaded view
|

Re: [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities

dejanb
Hi Oliver,

I updated relevant Jiras

https://issues.apache.org/jira/browse/APLO-366
https://issues.apache.org/jira/browse/AMQ-5333
https://issues.apache.org/jira/browse/AMQ-5033
https://issues.apache.org/jira/browse/AMQ-5345



Regards
--
Dejan Bosanac
----------------------
Red Hat, Inc.
[hidden email]
Twitter: @dejanb
Blog: http://sensatic.net
ActiveMQ in Action: http://www.manning.com/snyder/

On Thu, Feb 5, 2015 at 4:25 PM, Dejan Bosanac <[hidden email]> wrote:

> Hi Oliver,
>
> yes, this is the next step in the process. I’ll send links when it’s done.
>
> Regards
> --
> Dejan Bosanac
> ----------------------
> Red Hat, Inc.
> [hidden email]
> Twitter: @dejanb
> Blog: http://sensatic.net
> ActiveMQ in Action: http://www.manning.com/snyder/
>
> On Thu, Feb 5, 2015 at 3:56 PM, oliverd <[hidden email]>
> wrote:
>
>> Hi Dejan,
>>
>> could you point to related JIRA items which address these fixes or point
>> to
>> the code, classes which were changed? This would allow for a local
>> downport
>> to older releases?
>>
>> Regards, Oliver
>>
>>
>>
>> --
>> View this message in context:
>> http://activemq.2283324.n4.nabble.com/ANNOUNCE-CVE-2014-3600-CVE-2014-3612-and-CVE-2014-8110-Apache-ActiveMQ-vulnerabilities-tp4691096p4691103.html
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>
>
>