lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 7 Aug 2015 23:08:36 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3330-1] activemq security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3330-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 07, 2015                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : activemq
CVE ID         : CVE-2014-3576

It was discovered that the Apache ActiveMQ message broker is susceptible
to denial of service through an undocumented, remote shutdown command. 

For the oldstable distribution (wheezy), this problem has been fixed
in version 5.6.0+dfsg-1+deb7u1. This update also fixes CVE-2014-3612
and CVE-2014-3600.

For the stable distribution (jessie), this problem has been fixed in
version 5.6.0+dfsg1-4+deb8u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your activemq packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVxR37AAoJEBDCk7bDfE420iYQALXVgHsqJsK05C4zYcWQhj7F
5n/qUb6Jg4+hnSddz7Le4JBpTSjhYOLqkwmAoAp0GqfC9gk7lf9OIMztDQWg9sIB
SvBkVt2LHuBygxqpNS6JDfT6Y/GhfOP2FaZyX33Gwcc1jwaJKCcyyB5qF3oM6atd
u+AHkRYYtWd286+D0FmWRYeGuz5JA5qoNW7Cnf3z1rlFgg7OpftDkp72zSFl+hOt
WjFJvfFBCO9gXbFlugtgsuJhdV4Sg9tiAzLVU79H0df/Cy4YcOZkLqgpVNM9NxVf
XnpYOrPYv/e1TIcDka5H/NQV3ZrwZ/g7n9QSkm+d9+PDiGt0l4LqaQn9Vg1eVnXN
aZ3bsa0jdXnneOzmIVNDTozO7RANrtXGnvE2txiYyY4Kfn9myvm7hKg01xGcG4rU
4/i08+B1F+fiWx09UGuXJxQYy2M5+jk3wPf5VwPwQrOswFRMZ/nay2ZaIQT2SM7m
QzcknHS8hcC4v7QYBp6lMx0WDbUGfW3oz8WvvS/wt2uphyQJCrTYpKDtxEMdHY9P
4dpyt+oh3X7eSS0/r7LFZ36wwoxSPSDxvJ5W4dG2wlxT65wvk+Hglda/iMSGHaLI
ynszSWFDBPLI3CBYz3+/lCl65pjtoE3G52dei0LWBQm93HD2wHoe/qqUg3P4AWOo
u79kh/xHLctqNX70fPvz
=dN8D
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ