oss-sec mailing list archives

[ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification

From: Christopher Shannon <christopher.l.shannon () gmail com>
Date: Mon, 10 Sep 2018 14:40:05 -0400

The following security vulnerability was reported against Apache
ActiveMQ 5.15.5 and older versions.

Please check the following document and see if you’re affected by the issue.

http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt

Apache ActiveMQ 5.15.6 has been released with appropriate fixes and is
available for upgrade.

Current thread:

[ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Christopher Shannon (Sep 10)
- Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Christopher Shannon (Sep 10)
- Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Solar Designer (Sep 10)