Linux Security

Debian LTS: DLA-2583-1: activemq security update

Date 05 Mar 2021
Posted By LinuxSecurity Advisories
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2583-1                                      Abhijith PA
March 05, 2021                      
- -------------------------------------------------------------------------

Package        : activemq
Version        : 5.14.3-3+deb9u2
CVE ID         : CVE-2017-15709 CVE-2018-11775 CVE-2019-0222 
Debian Bug     : 890352 908950 982590

Multiple security issues were discovered in activemq, a message 
broker built around Java Message Service.


    When using the OpenWire protocol in activemq, it was found that 
    certain system details (such as the OS and kernel version) are 
    exposed as plain text.


    TLS hostname verification when using the Apache ActiveMQ Client 
    was missing, which could make the client vulnerable to a MITM 
    attack between a Java application using the ActiveMQ client and 
    the ActiveMQ server. This is now enabled by default.


    Unmarshalling a corrupt MQTT frame can lead to a broker Out of 
    Memory exception, making it unresponsive.


    The optional ActiveMQ LDAP login module can be configured to use
    anonymous access to the LDAP server. The anonymous context is used 
    to verify a valid user's password in error, resulting in no check 
    on the password.

For Debian 9 stretch, these problems have been fixed in version

We recommend that you upgrade your activemq packages.
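
To audit hosts against the fixed version off-host (for example from collected package inventory), the following added example, which is not part of the advisory or of Debian's tooling, implements Debian's version ordering and lists hosts still below 5.14.3-3+deb9u2. The hostnames and inventory are constructed, and the threshold applies only to Debian 9 stretch; on the host itself `dpkg --compare-versions` performs the same comparison.

```python
import re

FIXED = "5.14.3-3+deb9u2"  # fixed version for Debian 9 stretch, from the Version field above

def _order(ch):
    """Sort weight of one non-digit character under Debian's version rules."""
    if ch == "~":
        return -1                      # tilde sorts before everything, even end of string
    return ord(ch) if ch.isalpha() else ord(ch) + 256   # letters before punctuation

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings: returns -1, 0 or 1."""
    pa, pb = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for k in range(max(len(pa), len(pb))):
        sa, na = pa[k] if k < len(pa) else ("", "")
        sb, nb = pb[k] if k < len(pb) else ("", "")
        for i in range(max(len(sa), len(sb))):   # non-digit run, character by character
            ca = _order(sa[i]) if i < len(sa) else 0
            cb = _order(sb[i]) if i < len(sb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        ia, ib = int(na or 0), int(nb or 0)      # digit run compared numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if sep else (int(epoch), rest, "")

def compare(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory, fixed=FIXED):
    """Hosts whose installed activemq version is older than the fixed version."""
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed inventory (hostname -> installed activemq version); not real data.
INVENTORY = {"mq-01": "5.14.3-3+deb9u1", "mq-02": "5.14.3-3+deb9u2",
             "mq-03": "5.14.3-3+deb9u10", "mq-04": "5.14.3-3"}

if __name__ == "__main__":
    print(unpatched(INVENTORY))
```

Note that `deb9u10` is newer than `deb9u2`; a plain string comparison would get this wrong.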

For the detailed security status of activemq please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
