Security Information / 2016 / Security Information -- DSA-3524-1 activemq

Debian Security Advisory

DSA-3524-1 activemq -- security update

Date Reported:

20 Mar 2016

Affected Packages:

activemq

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-5254.

More information:

It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation. For additional information, please refer to the upstream advisory at http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt.

For the oldstable distribution (wheezy), this problem has been fixed in version 5.6.0+dfsg-1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 5.6.0+dfsg1-4+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 5.13.2+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in version 5.13.2+dfsg-1.

We recommend that you upgrade your activemq packages.