-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise MRG Management Console security update
Advisory ID:       RHSA-2012:0477-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:0477.html
Issue date:        2012-04-12
CVE Names:         CVE-2012-1575 
====================================================================
1. Summary:

An updated MRG Management Console package that fixes several security
issues is now available for Red Hat Enterprise MRG 2 for Red Hat
Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

MRG Grid for RHEL 6 Server v.2 - noarch
MRG Management for RHEL 6 Server v.2 - noarch

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

Several cross-site scripting (XSS) flaws were found in the MRG Management
Console (Cumin). An authorized user on the local network could use these
flaws to perform cross-site scripting attacks against MRG Management
Console users. Note: Refer to the MRG Messaging User Guide for information
on configuring authentication and authorization in the MRG Messaging
broker. (CVE-2012-1575)

Users of Red Hat Enterprise MRG Management Console are advised to upgrade
to this updated package, which corrects these issues. The MRG Management
Console must be restarted ("service cumin restart") for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

805712 - CVE-2012-1575 cumin: multiple XSS flaws

6. Package List:

MRG Grid for RHEL 6 Server v.2:

Source:

noarch:
cumin-0.1.5192-5.el6.noarch.rpm

MRG Management for RHEL 6 Server v.2:

Source:

noarch:
cumin-0.1.5192-5.el6.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1575.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/search/

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPhwWWXlSAg2UNWIIRAmJuAKCPwJ8b+Vgux4L3oF5vsGXo9B0L1wCghqmJ
9aFT9+Oxgy2xytiEgkYlZto=0WdP
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

RedHat: RHSA-2012-0477:01 Moderate: Red Hat Enterprise MRG Management

An updated MRG Management Console package that fixes several security issues is now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 6

Summary

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.
Several cross-site scripting (XSS) flaws were found in the MRG Management Console (Cumin). An authorized user on the local network could use these flaws to perform cross-site scripting attacks against MRG Management Console users. Note: Refer to the MRG Messaging User Guide for information on configuring authentication and authorization in the MRG Messaging broker. (CVE-2012-1575)
Users of Red Hat Enterprise MRG Management Console are advised to upgrade to this updated package, which corrects these issues. The MRG Management Console must be restarted ("service cumin restart") for this update to take effect.



Summary


Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

References

https://www.redhat.com/security/data/cve/CVE-2012-1575.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/search/

Package List

MRG Grid for RHEL 6 Server v.2:
Source:
noarch: cumin-0.1.5192-5.el6.noarch.rpm
MRG Management for RHEL 6 Server v.2:
Source:
noarch: cumin-0.1.5192-5.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package


Severity
Advisory ID: RHSA-2012:0477-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://access.redhat.com/errata/RHSA-2012:0477.html
Issued Date: : 2012-04-12
CVE Names: CVE-2012-1575

Topic

An updated MRG Management Console package that fixes several securityissues is now available for Red Hat Enterprise MRG 2 for Red HatEnterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available from the CVE link inthe References section.


Topic


 

Relevant Releases Architectures

MRG Grid for RHEL 6 Server v.2 - noarch

MRG Management for RHEL 6 Server v.2 - noarch


Bugs Fixed

805712 - CVE-2012-1575 cumin: multiple XSS flaws


Related News

22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved