RedHat: RHSA-2019-0886-01 Important: AMQ Clients 2.3.1 TLS Issue
red hat
April 25, 2019
Updated Red Hat AMQ Clients 2.3.1 packages are now available
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Summary
Red Hat AMQ Clients enable connecting, sending, and receiving messages over
the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.
This update provides various bug fixes and enhancements in addition to the
client package versions previously released on Red Hat Enterprise Linux 6
and 7.
Security Fix(es):
* qpid-proton: TLS Man in the Middle Vulnerability (CVE-2019-0223)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
References
https://access.redhat.com/security/cve/CVE-2019-0223 https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/en/documentation/red_hat_amq/2021.q4/
Package List
6Client-AMQ-Clients-2:
Source:
qpid-proton-0.27.0-3.el6.src.rpm
i386:
python-qpid-proton-0.27.0-3.el6.i686.rpm
qpid-proton-c-0.27.0-3.el6.i686.rpm
qpid-proton-c-devel-0.27.0-3.el6.i686.rpm
qpid-proton-cpp-0.27.0-3.el6.i686.rpm
qpid-proton-cpp-devel-0.27.0-3.el6.i686.rpm
qpid-proton-debuginfo-0.27.0-3.el6.i686.rpm
noarch:
python-qpid-proton-docs-0.27.0-3.el6.noarch.rpm
qpid-proton-c-docs-0.27.0-3.el6.noarch.rpm
qpid-proton-cpp-docs-0.27.0-3.el6.noarch.rpm
qpid-proton-tests-0.27.0-3.el6.noarch.rpm
x86_64:
python-qpid-proton-0.27.0-3.el6.x86_64.rpm
qpid-proton-c-0.27.0-3.el6.x86_64.rpm
qpid-proton-c-devel-0.27.0-3.el6.x86_64.rpm
qpid-proton-cpp-0.27.0-3.el6.x86_64.rpm
qpid-proton-cpp-devel-0.27.0-3.el6.x86_64.rpm
qpid-proton-debuginfo-0.27.0-3.el6.x86_64.rpm
6ComputeNode-AMQ-Clients-2:
Source:
qpid-proton-0.27.0-3.el6.src.rpm
noarch:
python-qpid-proton-docs-0.27.0-3.el6.noarch.rpm
qpid-proton-c-docs-0.27.0-3.el6.noarch.rpm
qpid-proton-cpp-docs-0.27.0-3.el6.noarch.rpm
qpid-proton-tests-0.27.0-3.el6.noarch.rpm
x86_64:
python-qpid-proton-0.27.0-3.el6.x86_64.rpm
qpid-proton-c-0.27.0-3.el6.x86_64.rpm
qpid-proton-c-devel-0.27.0-3.el6.x86_64.rpm
qpid-proton-cpp-0.27.0-3.el6.x86_64.rpm
qpid-proton-cpp-devel-0.27.0-3.el6.x86_64.rpm
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2019:0886-01
Product: Red Hat AMQ Clients
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0886
Issue date: 2019-04-25
Topic
Updated Red Hat AMQ Clients 2.3.1 packages are now available.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Relevant Releases Architectures
6Client-AMQ-Clients-2 - i386, noarch, x86_64
6ComputeNode-AMQ-Clients-2 - noarch, x86_64
6Server-AMQ-Clients-2 - i386, noarch, x86_64
6Workstation-AMQ-Clients-2 - i386, noarch, x86_64
7Client-AMQ-Clients-2 - noarch, x86_64
7ComputeNode-AMQ-Clients-2 - noarch, x86_64
7Server-AMQ-Clients-2 - noarch, x86_64
7Workstation-AMQ-Clients-2 - noarch, x86_64
Bugs Fixed
1702439 - CVE-2019-0223 qpid-proton: TLS Man in the Middle Vulnerability
6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):
ENTMQCL-1294 - CVE-2019-0223: qpid-proton: TLS Man in the Middle Vulnerability [amq-cl-2]
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!