Message-ID: <CAAafH9QFUn9+sqmWs_i6XsBJdw+kPau5WePkUa_5tLfA908k-g@mail.gmail.com>
Date: Mon, 31 Aug 2020 17:03:52 -0500
From: Brandon Williams <brandonwilliams@...che.org>
To: cassandra <user@...sandra.apache.org>, dev@...sandra.apache.org
Cc: Jeremiah Jordan <jeremiah@...astax.com>, security@...che.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX

Versions Affected:
All versions prior to: 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2

Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. By default Cassandra only binds JMX locally.

Mitigation:
2.1.x users should upgrade to 2.1.22
2.2.x users should upgrade to 2.2.18
3.0.x users should upgrade to 3.0.22
3.11.x users should upgrade to 3.11.8
4.0-beta1 users should upgrade to 4.0-beta2

Alternatively, users can upgrade their JVM to versions after those in the description.
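
A check of deployed nodes against the release and JVM numbers in the advisory above, as an added example that is not part of the original message or of the Cassandra project's code. The function names, the `java.version` string formats handled, and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed releases and JVM updates are copied from the advisory text.
_STAGE = {"alpha": 0, "beta": 1, "rc": 2}   # pre-release ordering; a final release ranks 3
JVM_DESCRIBED = {6: 113, 7: 99, 8: 77}      # Java SE 6u113, 7u99, 8u77

def parse_cassandra(version):
    """Turn '3.11.7' or '4.0-beta1' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Cassandra version: {version!r}")
    stage = (_STAGE[m[4]], int(m[5])) if m[4] else (3, 0)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) + stage

FIXED = [parse_cassandra(v) for v in ("2.1.22", "2.2.18", "3.0.22", "3.11.8", "4.0-beta2")]

def cassandra_affected(version):
    """True if the version is 'prior to' the fixed releases listed in the advisory."""
    key = parse_cassandra(version)
    for fix in FIXED:
        if key[:2] == fix[:2]:       # same release branch: compare with that branch's fix
            return key < fix
    return key < FIXED[-1]           # unlisted branch: affected if older than 4.0-beta2

def jvm_after_described(java_version):
    """True if the JVM is newer than the updates named in the description.
    Assumes java.version strings such as '1.8.0_252' or '11.0.8'."""
    v = java_version.strip()
    m = re.fullmatch(r"1\.(\d+)\.0(?:_(\d+))?.*", v)
    major, update = (int(m[1]), int(m[2] or 0)) if m else (int(v.split(".")[0]), 0)
    if major not in JVM_DESCRIBED:
        return major > max(JVM_DESCRIBED)
    return update > JVM_DESCRIBED[major]

def needs_action(cassandra_version, java_version):
    """Neither mitigation in place: old Cassandra and a JVM not past the named updates."""
    return cassandra_affected(cassandra_version) and not jvm_after_described(java_version)

if __name__ == "__main__":
    inventory = [  # constructed sample nodes, not real hosts
        ("node-a", "3.11.7", "1.8.0_77"),
        ("node-b", "3.11.7", "1.8.0_252"),
        ("node-c", "3.11.8", "1.8.0_77"),
        ("node-d", "4.0-beta1", "1.7.0_99"),
    ]
    for name, cass, jvm in inventory:
        print(f"{name}: cassandra={cass} jvm={jvm} needs_action={needs_action(cass, jvm)}")
```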