geronimo-scm mailing list archives

From "viola.lu (Confluence)" <conflue...@apache.org>
Subject [CONF] Apache Geronimo > 3.0.x Security Report
Date Thu, 27 Jun 2013 06:15:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/en/2176/1/1/_/styles/combined.css?spaceKey=GMOxSITE&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/GMOxSITE/3.0.x+Security+Report">3.0.x
Security Report</a></h2>
    <h4>Page  <b>added</b> by             <a href="https://cwiki.apache.org/confluence/display/~viola.lu">viola.lu</a>
    </h4>
         <br/>
    <div class="notificationGreySide">
         <h2><a name="3.0.xSecurityReport-ApacheGeronimo3.0.xvulnerabilities"></a>Apache
Geronimo 3.0.x vulnerabilities</h2>

<p>This page lists all security vulnerabilities fixed in maintenance releases or interim
builds of Apache Geronimo 3.0. Each vulnerability is given a security impact rating by either
the Apache Geronimo team or the dependent project supplying the fix. Please note that
this rating is not uniform and will vary from project to project. We also list the versions
of Apache Geronimo the flaw is known to affect; where a flaw has not been verified, the
version is listed with a question mark.</p>

<p>Please send comments or corrections for these vulnerabilities to the <a href="mailto:security@geronimo.apache.org"
class="external-link" rel="nofollow">Geronimo Security mailing list</a>.</p>

<ul>
	<li><a href="#3.0.xSecurityReport-300">Apache Geronimo 3.0.0</a><br
class="atl-forced-newline" /></li>
</ul>


<p><br class="atl-forced-newline" /></p>

<h2><a name="3.0.xSecurityReport-FixedinGeronimo3.0.0"></a>Fixed in Geronimo
3.0.0 <a name="3.0.xSecurityReport-221"></a></h2>

<h4><a name="3.0.xSecurityReport-CVE20131777"></a><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1717"
class="external-link" rel="nofollow">CVE-2013-1777</a> - "A problem in the RMI classloader
may enable an attacker to send a serialized object via JMX that could compromise the system."
has been fixed via <a href="https://issues.apache.org/jira/browse/GERONIMO-6253" class="external-link"
rel="nofollow">GERONIMO-6253</a>.</h4>

<p>Please visit the <a href="http://svn.apache.org/repos/asf/geronimo/server/tags/geronimo-3.0.0/RELEASE_NOTES-3.0.0.txt"
class="external-link" rel="nofollow">3.0.0 Release Notes</a> page for details on
all of the included JIRAs.</p>

<h3><a name="3.0.xSecurityReport-GeronimoServer%3A"></a>Geronimo Server:</h3>


<h4><a name="3.0.xSecurityReport-CVE20131777%3ARMIclassloaderexposure."></a>CVE-2013-1777: RMI
classloader exposure.</h4>



<ul>
	<li><a href="/confluence/pages/createpage.action?spaceKey=GMOxSITE&amp;title=Geronimo+3.0.x+CVE-2013-1777+Patch+Instructions&amp;linkCreation=true&amp;fromPageId=33292888"
class="createlink">Geronimo 3.0.x CVE-2013-1777 Patch Instructions</a></li>
</ul>



<p>Affects:  3.0.0</p>





<p><br class="atl-forced-newline" /></p>
    </div>
</div>
</div>
</div>
</div>
</body>
</html>
