You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by Dejan Bosanac <de...@nighttale.net> on 2015/02/05 15:32:00 UTC
[ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache
ActiveMQ vulnerabilities
There have been a several security vulnerabilities reported against Apache
ActiveMQ 5.10.0 and older versions.
Please check the following documents and see if you’re affected by them
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt
Apache ActiveMQ 5.10.1 and 5.11.0 with appropriate fixes are released and
available for upgrade
Regards
--
Dejan Bosanac
----------------------
Red Hat, Inc.
dbosanac@redhat.com
Twitter: @dejanb
Blog: http://sensatic.net
ActiveMQ in Action: http://www.manning.com/snyder/
Re: [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 -
Apache ActiveMQ vulnerabilities
Posted by Dejan Bosanac <de...@nighttale.net>.
Hi Oliver,
I updated relevant Jiras
https://issues.apache.org/jira/browse/APLO-366
https://issues.apache.org/jira/browse/AMQ-5333
https://issues.apache.org/jira/browse/AMQ-5033
https://issues.apache.org/jira/browse/AMQ-5345
Regards
--
Dejan Bosanac
----------------------
Red Hat, Inc.
dbosanac@redhat.com
Twitter: @dejanb
Blog: http://sensatic.net
ActiveMQ in Action: http://www.manning.com/snyder/
On Thu, Feb 5, 2015 at 4:25 PM, Dejan Bosanac <de...@nighttale.net> wrote:
> Hi Oliver,
>
> yes, this is the next step in the process. I’ll send links when it’s done.
>
> Regards
> --
> Dejan Bosanac
> ----------------------
> Red Hat, Inc.
> dbosanac@redhat.com
> Twitter: @dejanb
> Blog: http://sensatic.net
> ActiveMQ in Action: http://www.manning.com/snyder/
>
> On Thu, Feb 5, 2015 at 3:56 PM, oliverd <ol...@hotmail.com>
> wrote:
>
>> Hi Dejan,
>>
>> could you point to related JIRA items which address these fixes or point
>> to
>> the code, classes which were changed? This would allow for a local
>> downport
>> to older releases?
>>
>> Regards, Oliver
>>
>>
>>
>> --
>> View this message in context:
>> http://activemq.2283324.n4.nabble.com/ANNOUNCE-CVE-2014-3600-CVE-2014-3612-and-CVE-2014-8110-Apache-ActiveMQ-vulnerabilities-tp4691096p4691103.html
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>
>
>
Re: [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 -
Apache ActiveMQ vulnerabilities
Posted by Dejan Bosanac <de...@nighttale.net>.
Hi Oliver,
yes, this is the next step in the process. I’ll send links when it’s done.
Regards
--
Dejan Bosanac
----------------------
Red Hat, Inc.
dbosanac@redhat.com
Twitter: @dejanb
Blog: http://sensatic.net
ActiveMQ in Action: http://www.manning.com/snyder/
On Thu, Feb 5, 2015 at 3:56 PM, oliverd <ol...@hotmail.com> wrote:
> Hi Dejan,
>
> could you point to related JIRA items which address these fixes or point to
> the code, classes which were changed? This would allow for a local downport
> to older releases?
>
> Regards, Oliver
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/ANNOUNCE-CVE-2014-3600-CVE-2014-3612-and-CVE-2014-8110-Apache-ActiveMQ-vulnerabilities-tp4691096p4691103.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
Re: [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 -
Apache ActiveMQ vulnerabilities
Posted by oliverd <ol...@hotmail.com>.
Hi Dejan,
could you point to related JIRA items which address these fixes or point to
the code, classes which were changed? This would allow for a local downport
to older releases?
Regards, Oliver
--
View this message in context: http://activemq.2283324.n4.nabble.com/ANNOUNCE-CVE-2014-3600-CVE-2014-3612-and-CVE-2014-8110-Apache-ActiveMQ-vulnerabilities-tp4691096p4691103.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.