-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: AMQ Clients 2.6.0 Release
Advisory ID:       RHSA-2020:0601-01
Product:           Red Hat AMQ Clients
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0601
Issue date:        2020-02-25
CVE Names:         CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 
====================================================================
1. Summary:

An update is now available for Red Hat AMQ Clients 2.6.0. Red Hat Product
Security has rated this update as having a security impact of Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

6Client-AMQ-Clients-2 - i386, noarch, x86_64
6ComputeNode-AMQ-Clients-2 - noarch, x86_64
6Server-AMQ-Clients-2 - i386, noarch, x86_64
6Workstation-AMQ-Clients-2 - i386, noarch, x86_64
7Client-AMQ-Clients-2 - noarch, x86_64
7ComputeNode-AMQ-Clients-2 - noarch, x86_64
7Server-AMQ-Clients-2 - noarch, x86_64
7Workstation-AMQ-Clients-2 - noarch, x86_64
8Base-AMQ-Clients-2 - noarch, x86_64

3. Description:

Red Hat AMQ Clients enable connecting, sending, and receiving messages over
the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.

This update provides various bug fixes and enhancements in addition to the
client package versions previously released on Red Hat Enterprise Linux 6,
7, and 8.

Security Fix(es):

* netty: HTTP request smuggling (CVE-2019-20444)

* netty: HttpObjectDecoder.java allows Content-Length header to accompanied
by second Content-Length header (CVE-2019-20445)

* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace
mishandling (CVE-2020-7238)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
1798524 - CVE-2019-20444 netty: HTTP request smuggling

6. JIRA issues fixed (https://issues.redhat.com/):

ENTMQCL-1075 - [python] Example broker.py is using collections.deque.count from Python 2.7
ENTMQCL-1076 - [python] Example abstract_server.py is using relative import
ENTMQCL-1246 - [python] Install egg-info directory
ENTMQCL-1287 - [python] Read a config file to get default connection parameters (Windows)
ENTMQCL-1322 - amqpnetlite-sdk-2.1.6 does not export resource strings
ENTMQCL-1361 - [python] Convert strings in the API to AMQP symbols where required
ENTMQCL-1364 - [python] P2P detach frame not received results in connection aborted
ENTMQCL-1578 - [python] qpid-proton-0.28.0-1.el7 leaks memory
ENTMQCL-1583 - [doc] Broken links in rh-messaging/amq-docs master
ENTMQCL-1635 - [javascript] File-based connection configuration can't use named ports
ENTMQCL-1641 - [dotnet] Update AMQ .NET Client based on amqpnetlite 2.2
ENTMQCL-1679 - [python] HOME location of file-based connection configuration does not point to HOME location
ENTMQCL-1717 - [python] Default port should be amqps
ENTMQCL-1726 - [jms] Improve performance when using simulated anonymous producersENTMQCL-1781 - Established connections are aborted after the system clock is shifted forward
ENTMQCL-1818 - [javascript] npm install fails due to missing configuration file for ESLint 
ENTMQCL-1835 - [jms] client-ack consumers don't increment remote delivery count on closure after fresh recover

7. Package List:

6Client-AMQ-Clients-2:

Source:
qpid-proton-0.30.0-4.el6_10.src.rpm

i386:
python-qpid-proton-0.30.0-4.el6_10.i686.rpm
qpid-proton-c-0.30.0-4.el6_10.i686.rpm
qpid-proton-c-devel-0.30.0-4.el6_10.i686.rpm
qpid-proton-cpp-0.30.0-4.el6_10.i686.rpm
qpid-proton-cpp-devel-0.30.0-4.el6_10.i686.rpm
qpid-proton-debuginfo-0.30.0-4.el6_10.i686.rpm

noarch:
python-qpid-proton-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-c-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-tests-0.30.0-4.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-c-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-c-devel-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-cpp-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.30.0-4.el6_10.x86_64.rpm

6ComputeNode-AMQ-Clients-2:

Source:
qpid-proton-0.30.0-4.el6_10.src.rpm

noarch:
python-qpid-proton-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-c-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-tests-0.30.0-4.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-c-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-c-devel-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-cpp-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.30.0-4.el6_10.x86_64.rpm

6Server-AMQ-Clients-2:

Source:
qpid-proton-0.30.0-4.el6_10.src.rpm

i386:
python-qpid-proton-0.30.0-4.el6_10.i686.rpm
qpid-proton-c-0.30.0-4.el6_10.i686.rpm
qpid-proton-c-devel-0.30.0-4.el6_10.i686.rpm
qpid-proton-cpp-0.30.0-4.el6_10.i686.rpm
qpid-proton-cpp-devel-0.30.0-4.el6_10.i686.rpm
qpid-proton-debuginfo-0.30.0-4.el6_10.i686.rpm

noarch:
python-qpid-proton-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-c-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-tests-0.30.0-4.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-c-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-c-devel-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-cpp-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.30.0-4.el6_10.x86_64.rpm

6Workstation-AMQ-Clients-2:

Source:
qpid-proton-0.30.0-4.el6_10.src.rpm

i386:
python-qpid-proton-0.30.0-4.el6_10.i686.rpm
qpid-proton-c-0.30.0-4.el6_10.i686.rpm
qpid-proton-c-devel-0.30.0-4.el6_10.i686.rpm
qpid-proton-cpp-0.30.0-4.el6_10.i686.rpm
qpid-proton-cpp-devel-0.30.0-4.el6_10.i686.rpm
qpid-proton-debuginfo-0.30.0-4.el6_10.i686.rpm

noarch:
python-qpid-proton-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-c-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.30.0-4.el6_10.noarch.rpm
qpid-proton-tests-0.30.0-4.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-c-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-c-devel-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-cpp-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.30.0-4.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.30.0-4.el6_10.x86_64.rpm

7Client-AMQ-Clients-2:

Source:
qpid-proton-0.30.0-2.el7.src.rpm
rubygem-qpid_proton-0.30.0-1.el7.src.rpm

noarch:
python-qpid-proton-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-c-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-tests-0.30.0-2.el7.noarch.rpm
rubygem-qpid_proton-doc-0.30.0-1.el7.noarch.rpm

x86_64:
python-qpid-proton-0.30.0-2.el7.x86_64.rpm
qpid-proton-c-0.30.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.30.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.30.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.30.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.30.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.30.0-1.el7.x86_64.rpm
rubygem-qpid_proton-debuginfo-0.30.0-1.el7.x86_64.rpm

7ComputeNode-AMQ-Clients-2:

Source:
qpid-proton-0.30.0-2.el7.src.rpm
rubygem-qpid_proton-0.30.0-1.el7.src.rpm

noarch:
python-qpid-proton-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-c-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-tests-0.30.0-2.el7.noarch.rpm
rubygem-qpid_proton-doc-0.30.0-1.el7.noarch.rpm

x86_64:
python-qpid-proton-0.30.0-2.el7.x86_64.rpm
qpid-proton-c-0.30.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.30.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.30.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.30.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.30.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.30.0-1.el7.x86_64.rpm
rubygem-qpid_proton-debuginfo-0.30.0-1.el7.x86_64.rpm

7Server-AMQ-Clients-2:

Source:
qpid-proton-0.30.0-2.el7.src.rpm
rubygem-qpid_proton-0.30.0-1.el7.src.rpm

noarch:
python-qpid-proton-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-c-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-tests-0.30.0-2.el7.noarch.rpm
rubygem-qpid_proton-doc-0.30.0-1.el7.noarch.rpm

x86_64:
python-qpid-proton-0.30.0-2.el7.x86_64.rpm
qpid-proton-c-0.30.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.30.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.30.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.30.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.30.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.30.0-1.el7.x86_64.rpm
rubygem-qpid_proton-debuginfo-0.30.0-1.el7.x86_64.rpm

7Workstation-AMQ-Clients-2:

Source:
qpid-proton-0.30.0-2.el7.src.rpm
rubygem-qpid_proton-0.30.0-1.el7.src.rpm

noarch:
python-qpid-proton-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-c-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.30.0-2.el7.noarch.rpm
qpid-proton-tests-0.30.0-2.el7.noarch.rpm
rubygem-qpid_proton-doc-0.30.0-1.el7.noarch.rpm

x86_64:
python-qpid-proton-0.30.0-2.el7.x86_64.rpm
qpid-proton-c-0.30.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.30.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.30.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.30.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.30.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.30.0-1.el7.x86_64.rpm
rubygem-qpid_proton-debuginfo-0.30.0-1.el7.x86_64.rpm

8Base-AMQ-Clients-2:

Source:
nodejs-rhea-1.0.16-1.el8.src.rpm
qpid-proton-0.30.0-3.el8.src.rpm
rubygem-qpid_proton-0.30.0-1.el8.src.rpm

noarch:
nodejs-rhea-1.0.16-1.el8.noarch.rpm
python-qpid-proton-docs-0.30.0-3.el8.noarch.rpm
qpid-proton-c-docs-0.30.0-3.el8.noarch.rpm
qpid-proton-cpp-docs-0.30.0-3.el8.noarch.rpm
qpid-proton-tests-0.30.0-3.el8.noarch.rpm
rubygem-qpid_proton-doc-0.30.0-1.el8.noarch.rpm

x86_64:
python3-qpid-proton-0.30.0-3.el8.x86_64.rpm
python3-qpid-proton-debuginfo-0.30.0-3.el8.x86_64.rpm
qpid-proton-c-0.30.0-3.el8.x86_64.rpm
qpid-proton-c-debuginfo-0.30.0-3.el8.x86_64.rpm
qpid-proton-c-devel-0.30.0-3.el8.x86_64.rpm
qpid-proton-cpp-0.30.0-3.el8.x86_64.rpm
qpid-proton-cpp-debuginfo-0.30.0-3.el8.x86_64.rpm
qpid-proton-cpp-devel-0.30.0-3.el8.x86_64.rpm
qpid-proton-debuginfo-0.30.0-3.el8.x86_64.rpm
qpid-proton-debugsource-0.30.0-3.el8.x86_64.rpm
rubygem-qpid_proton-0.30.0-1.el8.x86_64.rpm
rubygem-qpid_proton-debuginfo-0.30.0-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2019-20444
https://access.redhat.com/security/cve/CVE-2019-20445
https://access.redhat.com/security/cve/CVE-2020-7238
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_amq/

9. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXlU9u9zjgjWX9erEAQjJRg/9EWdSUKhNIQBO7WFXvi/PO/2ebxBePbDH
l0mUNYaOeKyLJvSDLdE8OY25r1zdG6ZgrZLsiPUV31MLlyqXIUXPpFaylv74yZDy
/oP8HnhaHQ29/RhooT5QLxqyCF7f4Bh+1C8VrrwSVKVvlt0Nwz3pC2uZudD6qv8r
juZ8qNjWaQrD5RjWNKljRIzP/VWTU+9GTpACHmK5aTzcN+IgwSP+xJ9oIxnCvjNZ
OhEPTnbYwVA645klWUpFKlj/eFIPSVl3/LTY3F5U1RPlU8qAGIBqPS6gUJSvFg5i
HPOSa0yhFYD7jnPOR4SC24+/eLJaroP+GmnujWGSR10wnE4UZzoFtaw1OJblMdPt
8Ucs5Y0h7KBZwirSLVKEn8hW92cb3IjnCWde4aZjg46fbXrpeGi0tCtE+gh3shUC
3EBEtgU3/I3FoakQty7ePe6YHfFN3+u8Z3TsIQ9GJUCtZj/eeQyqGKLFgAncA6O6
cfZTDMzDU36snL11T8hAcVi2AKoJTxkbqzKy/A28xT11FYrGAGkATsb7mH16CRb9
zFmcsOEdNYBnh7r6QIeJmo0dyFLvAHUfjTabYqimPqABqhvjPeWc2OH5wXuyxV7l
nHSLM62VhwLcRF5AAvxaNL+QE1B0GUH69Bhqn++0iTVoop0vluvE0DS5T4Gu0AYQ
ZlNPuesCwnc=ypok
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-0601:01 Important: AMQ Clients 2.6.0 Release

An update is now available for Red Hat AMQ Clients 2.6.0

Summary

Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.
This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8.
Security Fix(es):
* netty: HTTP request smuggling (CVE-2019-20444)
* netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2019-20444 https://access.redhat.com/security/cve/CVE-2019-20445 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_amq/

Package List

6Client-AMQ-Clients-2:
Source: qpid-proton-0.30.0-4.el6_10.src.rpm
i386: python-qpid-proton-0.30.0-4.el6_10.i686.rpm qpid-proton-c-0.30.0-4.el6_10.i686.rpm qpid-proton-c-devel-0.30.0-4.el6_10.i686.rpm qpid-proton-cpp-0.30.0-4.el6_10.i686.rpm qpid-proton-cpp-devel-0.30.0-4.el6_10.i686.rpm qpid-proton-debuginfo-0.30.0-4.el6_10.i686.rpm
noarch: python-qpid-proton-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-c-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-cpp-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-tests-0.30.0-4.el6_10.noarch.rpm
x86_64: python-qpid-proton-0.30.0-4.el6_10.x86_64.rpm qpid-proton-c-0.30.0-4.el6_10.x86_64.rpm qpid-proton-c-devel-0.30.0-4.el6_10.x86_64.rpm qpid-proton-cpp-0.30.0-4.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.30.0-4.el6_10.x86_64.rpm qpid-proton-debuginfo-0.30.0-4.el6_10.x86_64.rpm
6ComputeNode-AMQ-Clients-2:
Source: qpid-proton-0.30.0-4.el6_10.src.rpm
noarch: python-qpid-proton-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-c-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-cpp-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-tests-0.30.0-4.el6_10.noarch.rpm
x86_64: python-qpid-proton-0.30.0-4.el6_10.x86_64.rpm qpid-proton-c-0.30.0-4.el6_10.x86_64.rpm qpid-proton-c-devel-0.30.0-4.el6_10.x86_64.rpm qpid-proton-cpp-0.30.0-4.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.30.0-4.el6_10.x86_64.rpm qpid-proton-debuginfo-0.30.0-4.el6_10.x86_64.rpm
6Server-AMQ-Clients-2:
Source: qpid-proton-0.30.0-4.el6_10.src.rpm
i386: python-qpid-proton-0.30.0-4.el6_10.i686.rpm qpid-proton-c-0.30.0-4.el6_10.i686.rpm qpid-proton-c-devel-0.30.0-4.el6_10.i686.rpm qpid-proton-cpp-0.30.0-4.el6_10.i686.rpm qpid-proton-cpp-devel-0.30.0-4.el6_10.i686.rpm qpid-proton-debuginfo-0.30.0-4.el6_10.i686.rpm
noarch: python-qpid-proton-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-c-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-cpp-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-tests-0.30.0-4.el6_10.noarch.rpm
x86_64: python-qpid-proton-0.30.0-4.el6_10.x86_64.rpm qpid-proton-c-0.30.0-4.el6_10.x86_64.rpm qpid-proton-c-devel-0.30.0-4.el6_10.x86_64.rpm qpid-proton-cpp-0.30.0-4.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.30.0-4.el6_10.x86_64.rpm qpid-proton-debuginfo-0.30.0-4.el6_10.x86_64.rpm
6Workstation-AMQ-Clients-2:
Source: qpid-proton-0.30.0-4.el6_10.src.rpm
i386: python-qpid-proton-0.30.0-4.el6_10.i686.rpm qpid-proton-c-0.30.0-4.el6_10.i686.rpm qpid-proton-c-devel-0.30.0-4.el6_10.i686.rpm qpid-proton-cpp-0.30.0-4.el6_10.i686.rpm qpid-proton-cpp-devel-0.30.0-4.el6_10.i686.rpm qpid-proton-debuginfo-0.30.0-4.el6_10.i686.rpm
noarch: python-qpid-proton-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-c-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-cpp-docs-0.30.0-4.el6_10.noarch.rpm qpid-proton-tests-0.30.0-4.el6_10.noarch.rpm
x86_64: python-qpid-proton-0.30.0-4.el6_10.x86_64.rpm qpid-proton-c-0.30.0-4.el6_10.x86_64.rpm qpid-proton-c-devel-0.30.0-4.el6_10.x86_64.rpm qpid-proton-cpp-0.30.0-4.el6_10.x86_64.rpm qpid-proton-cpp-devel-0.30.0-4.el6_10.x86_64.rpm qpid-proton-debuginfo-0.30.0-4.el6_10.x86_64.rpm
7Client-AMQ-Clients-2:
Source: qpid-proton-0.30.0-2.el7.src.rpm rubygem-qpid_proton-0.30.0-1.el7.src.rpm
noarch: python-qpid-proton-docs-0.30.0-2.el7.noarch.rpm qpid-proton-c-docs-0.30.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.30.0-2.el7.noarch.rpm qpid-proton-tests-0.30.0-2.el7.noarch.rpm rubygem-qpid_proton-doc-0.30.0-1.el7.noarch.rpm
x86_64: python-qpid-proton-0.30.0-2.el7.x86_64.rpm qpid-proton-c-0.30.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.30.0-2.el7.x86_64.rpm qpid-proton-cpp-0.30.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.30.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.30.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.30.0-1.el7.x86_64.rpm rubygem-qpid_proton-debuginfo-0.30.0-1.el7.x86_64.rpm
7ComputeNode-AMQ-Clients-2:
Source: qpid-proton-0.30.0-2.el7.src.rpm rubygem-qpid_proton-0.30.0-1.el7.src.rpm
noarch: python-qpid-proton-docs-0.30.0-2.el7.noarch.rpm qpid-proton-c-docs-0.30.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.30.0-2.el7.noarch.rpm qpid-proton-tests-0.30.0-2.el7.noarch.rpm rubygem-qpid_proton-doc-0.30.0-1.el7.noarch.rpm
x86_64: python-qpid-proton-0.30.0-2.el7.x86_64.rpm qpid-proton-c-0.30.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.30.0-2.el7.x86_64.rpm qpid-proton-cpp-0.30.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.30.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.30.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.30.0-1.el7.x86_64.rpm rubygem-qpid_proton-debuginfo-0.30.0-1.el7.x86_64.rpm
7Server-AMQ-Clients-2:
Source: qpid-proton-0.30.0-2.el7.src.rpm rubygem-qpid_proton-0.30.0-1.el7.src.rpm
noarch: python-qpid-proton-docs-0.30.0-2.el7.noarch.rpm qpid-proton-c-docs-0.30.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.30.0-2.el7.noarch.rpm qpid-proton-tests-0.30.0-2.el7.noarch.rpm rubygem-qpid_proton-doc-0.30.0-1.el7.noarch.rpm
x86_64: python-qpid-proton-0.30.0-2.el7.x86_64.rpm qpid-proton-c-0.30.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.30.0-2.el7.x86_64.rpm qpid-proton-cpp-0.30.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.30.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.30.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.30.0-1.el7.x86_64.rpm rubygem-qpid_proton-debuginfo-0.30.0-1.el7.x86_64.rpm
7Workstation-AMQ-Clients-2:
Source: qpid-proton-0.30.0-2.el7.src.rpm rubygem-qpid_proton-0.30.0-1.el7.src.rpm
noarch: python-qpid-proton-docs-0.30.0-2.el7.noarch.rpm qpid-proton-c-docs-0.30.0-2.el7.noarch.rpm qpid-proton-cpp-docs-0.30.0-2.el7.noarch.rpm qpid-proton-tests-0.30.0-2.el7.noarch.rpm rubygem-qpid_proton-doc-0.30.0-1.el7.noarch.rpm
x86_64: python-qpid-proton-0.30.0-2.el7.x86_64.rpm qpid-proton-c-0.30.0-2.el7.x86_64.rpm qpid-proton-c-devel-0.30.0-2.el7.x86_64.rpm qpid-proton-cpp-0.30.0-2.el7.x86_64.rpm qpid-proton-cpp-devel-0.30.0-2.el7.x86_64.rpm qpid-proton-debuginfo-0.30.0-2.el7.x86_64.rpm rubygem-qpid_proton-0.30.0-1.el7.x86_64.rpm rubygem-qpid_proton-debuginfo-0.30.0-1.el7.x86_64.rpm
8Base-AMQ-Clients-2:
Source: nodejs-rhea-1.0.16-1.el8.src.rpm qpid-proton-0.30.0-3.el8.src.rpm rubygem-qpid_proton-0.30.0-1.el8.src.rpm
noarch: nodejs-rhea-1.0.16-1.el8.noarch.rpm python-qpid-proton-docs-0.30.0-3.el8.noarch.rpm qpid-proton-c-docs-0.30.0-3.el8.noarch.rpm qpid-proton-cpp-docs-0.30.0-3.el8.noarch.rpm qpid-proton-tests-0.30.0-3.el8.noarch.rpm rubygem-qpid_proton-doc-0.30.0-1.el8.noarch.rpm
x86_64: python3-qpid-proton-0.30.0-3.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.30.0-3.el8.x86_64.rpm qpid-proton-c-0.30.0-3.el8.x86_64.rpm qpid-proton-c-debuginfo-0.30.0-3.el8.x86_64.rpm qpid-proton-c-devel-0.30.0-3.el8.x86_64.rpm qpid-proton-cpp-0.30.0-3.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.30.0-3.el8.x86_64.rpm qpid-proton-cpp-devel-0.30.0-3.el8.x86_64.rpm qpid-proton-debuginfo-0.30.0-3.el8.x86_64.rpm qpid-proton-debugsource-0.30.0-3.el8.x86_64.rpm rubygem-qpid_proton-0.30.0-1.el8.x86_64.rpm rubygem-qpid_proton-debuginfo-0.30.0-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2020:0601-01
Product: Red Hat AMQ Clients
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0601
Issued Date: : 2020-02-25
CVE Names: CVE-2019-20444 CVE-2019-20445 CVE-2020-7238

Topic

An update is now available for Red Hat AMQ Clients 2.6.0. Red Hat ProductSecurity has rated this update as having a security impact of Important.A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.


Topic


 

Relevant Releases Architectures

6Client-AMQ-Clients-2 - i386, noarch, x86_64

6ComputeNode-AMQ-Clients-2 - noarch, x86_64

6Server-AMQ-Clients-2 - i386, noarch, x86_64

6Workstation-AMQ-Clients-2 - i386, noarch, x86_64

7Client-AMQ-Clients-2 - noarch, x86_64

7ComputeNode-AMQ-Clients-2 - noarch, x86_64

7Server-AMQ-Clients-2 - noarch, x86_64

7Workstation-AMQ-Clients-2 - noarch, x86_64

8Base-AMQ-Clients-2 - noarch, x86_64


Bugs Fixed

1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

1798524 - CVE-2019-20444 netty: HTTP request smuggling

6. JIRA issues fixed (https://issues.redhat.com/):

ENTMQCL-1075 - [python] Example broker.py is using collections.deque.count from Python 2.7

ENTMQCL-1076 - [python] Example abstract_server.py is using relative import

ENTMQCL-1246 - [python] Install egg-info directory

ENTMQCL-1287 - [python] Read a config file to get default connection parameters (Windows)

ENTMQCL-1322 - amqpnetlite-sdk-2.1.6 does not export resource strings

ENTMQCL-1361 - [python] Convert strings in the API to AMQP symbols where required

ENTMQCL-1364 - [python] P2P detach frame not received results in connection aborted

ENTMQCL-1578 - [python] qpid-proton-0.28.0-1.el7 leaks memory

ENTMQCL-1583 - [doc] Broken links in rh-messaging/amq-docs master

ENTMQCL-1635 - [javascript] File-based connection configuration can't use named ports

ENTMQCL-1641 - [dotnet] Update AMQ .NET Client based on amqpnetlite 2.2

ENTMQCL-1679 - [python] HOME location of file-based connection configuration does not point to HOME location

ENTMQCL-1717 - [python] Default port should be amqps

ENTMQCL-1726 - [jms] Improve performance when using simulated anonymous producersENTMQCL-1781 - Established connections are aborted after the system clock is shifted forward

ENTMQCL-1818 - [javascript] npm install fails due to missing configuration file for ESLint

ENTMQCL-1835 - [jms] client-ack consumers don't increment remote delivery count on closure after fresh recover


Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved