Debian Security Advisory

DSA-3524-1 activemq -- security update

Date Reported:
20 Mar 2016
Affected Packages:
activemq
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-5254.
More information:

It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation. For additional information, please refer to the upstream advisory at http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt.

For the oldstable distribution (wheezy), this problem has been fixed in version 5.6.0+dfsg-1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 5.6.0+dfsg1-4+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 5.13.2+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in version 5.13.2+dfsg-1.

We recommend that you upgrade your activemq packages.