
Security: Two problems in Apache
Name: Two problems in Apache
ID: USN-7268-1
Distribution: Ubuntu
Platforms: Ubuntu 22.04 LTS
Date: Fri, 14 February 2025, 17:08
References: https://launchpad.net/ubuntu/+source/activemq/5.16.1-1ubuntu0.1
https://www.cve.org/CVERecord?id=CVE-2023-46604
https://www.cve.org/CVERecord?id=CVE-2022-41678
Applications: Apache

Original message

From: Noam Nedelec-Salmon <noam.nedelecsalmon@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <ffabdc6c-7f2c-4b42-b0ca-0a6177f6ec74@canonical.com>
Subject: [USN-7268-1] Apache ActiveMQ vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7268-1
February 14, 2025

activemq vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Apache ActiveMQ.

Software Description:
- activemq: Java message broker - server

Details:

It was discovered that Apache ActiveMQ incorrectly handled
authentication. A remote attacker could possibly use this issue to run
arbitrary code. (CVE-2022-41678)

It was discovered that Apache ActiveMQ incorrectly handled
deserialization. A remote attacker could possibly use this issue to run
arbitrary shell commands. (CVE-2023-46604)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
activemq 5.16.1-1ubuntu0.1
libactivemq-java 5.16.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7268-1
CVE-2022-41678, CVE-2023-46604

Package Information:
https://launchpad.net/ubuntu/+source/activemq/5.16.1-1ubuntu0.1
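
Added example (not part of the Ubuntu notice): a Python check that compares an exported package inventory against the fixed versions listed in the update instructions, using a reimplementation of Debian's version ordering. The inventory lines and the names `audit`, `deb_cmp`, `FIXED` and `SAMPLE` are constructed for illustration.

```python
import re

# Fixed versions from USN-7268-1 (Ubuntu 22.04 LTS).
FIXED = {"activemq": "5.16.1-1ubuntu0.1", "libactivemq-java": "5.16.1-1ubuntu0.1"}

def _order(c):
    # Debian ordering: '~' sorts before end-of-string, letters before other symbols.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Compare the non-digit run character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if d:
                return d
            i, j = i + 1, j + 1
        # Then compare the following digit run numerically.
        na, nb = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        d = int(na or 0) - int(nb or 0)
        if d:
            return d
        i, j = i + len(na), j + len(nb)
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_cmp(v1, v2):
    """Negative, zero or positive as v1 sorts before, equal to or after v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(inventory):
    """Map each package named in the notice to 'fixed' or 'needs-update'."""
    status = {}
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in FIXED:
            pkg, ver = fields
            status[pkg] = "fixed" if deb_cmp(ver, FIXED[pkg]) >= 0 else "needs-update"
    return status

# Constructed sample in `dpkg-query -W -f='${Package} ${Version}\n'` output format.
SAMPLE = "activemq 5.16.1-1\nlibactivemq-java 5.16.1-1ubuntu0.1\nopenssl 3.0.2-0ubuntu1\n"
```

On a single host, `dpkg --compare-versions` performs the same comparison; the pure-Python ordering is for auditing inventories collected from many machines.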
