Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 22.04 LTS: USN-6910-1 Critical: Apache ActiveMQ Security Issues

ubuntu
Calendar Grey July 23, 2024
Dist Ubuntu Esm H88
A series of security flaws have been addressed within Apache ActiveMQ on various Ubuntu LTS distributions. Discover the particulars of these updates.
Several security issues were fixed in Apache ActiveMQ.

Summary

Several security issues were fixed in Apache ActiveMQ.

Software Description:

- activemq: Java message broker - server

Details:

Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain

commands. A remote attacker could possibly use this issue to terminate

the program, resulting in a denial of service. This issue only affected

Ubuntu 16.04 LTS. (CVE-2015-7559)

Peter Stöckli discovered that Apache ActiveMQ incorrectly handled

hostname verification. A remote attacker could possibly use this issue

to perform a person-in-the-middle attack. This issue only affected Ubuntu

16.04 LTS. (CVE-2018-11775)

Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache

ActiveMQ incorrectly handled authentication in certain functions.

A remote attacker could possibly use this issue to perform a

person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,

Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920)

Gregor Tudan discovered t...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   activemq                        5.16.1-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libactivemq-java                5.16.1-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   activemq                        5.15.11-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libactivemq-java                5.15.11-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   activemq                        5.15.8-2~18.04.1~esm1
                                   Available with Ubuntu Pro
   libactivemq-java                5.15.8-2~18.04.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   activemq                        5.13.2+dfsg-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libactivemq-java                5.13.2+dfsg-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6910-1

CVE-2015-7559, CVE-2018-11775, CVE-2020-13920, CVE-2021-26117,

CVE-2022-41678, CVE-2023-46604

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6910-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here