Red Hat AMQ Clients 2.7.0 RHSA-2020:2605-01 Low Severity: Buffer Overflow

Red Hat, June 17, 2020
The update for Red Hat AMQ Clients 2.7.0 resolves minor security vulnerabilities. Discover the improvements and patches implemented.
An update is now available for Red Hat AMQ Clients 2.7.0.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.
This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8.
Security Fix(es):
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2020-11612
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_amq/
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.clients&version=2.7.0

Package List

6Client-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-30.el6_10amq.src.rpm
qpid-proton-0.31.0-3.el6_10.src.rpm

i386:
python-qpid-proton-0.31.0-3.el6_10.i686.rpm
qpid-proton-c-0.31.0-3.el6_10.i686.rpm
qpid-proton-c-devel-0.31.0-3.el6_10.i686.rpm
qpid-proton-cpp-0.31.0-3.el6_10.i686.rpm
qpid-proton-cpp-devel-0.31.0-3.el6_10.i686.rpm
qpid-proton-debuginfo-0.31.0-3.el6_10.i686.rpm

noarch:
python-qpid-proton-docs-0.31.0-3.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-30.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.31.0-3.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.31.0-3.el6_10.noarch.rpm
qpid-proton-tests-0.31.0-3.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.31.0-3.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-30.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-30.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-30.el6_10amq.x86_64.rpm
qpid-proton-c-0.31.0-3.el6_10.x86_64.rpm
qpid-proton-c-devel-0.31.0-3.el6_10.x86_64.rpm
qpid-proton-cpp-0.31.0-3.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.31.0-3.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.31.0-3.el6_10.x86_64.rpm

6ComputeNode-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-30.el6_10amq.src.rpm
qpid-proton-0.31.0-3.el6_10.src.rpm

noarch:
python-qpid-proton-docs-0.31.0-3.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-30.el6_10amq.noarch.rpm


Severity: Low

Advisory ID: RHSA-2020:2605-01
Product: Red Hat AMQ Clients
Issue date: 2020-06-17

Topic

An update is now available for Red Hat AMQ Clients 2.7.0. Red Hat Product Security has rated this update as having a Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

6Client-AMQ-Clients-2 - i386, noarch, x86_64

6ComputeNode-AMQ-Clients-2 - noarch, x86_64

6Server-AMQ-Clients-2 - i386, noarch, x86_64

6Workstation-AMQ-Clients-2 - i386, noarch, x86_64

7Client-AMQ-Clients-2 - noarch, x86_64

7ComputeNode-AMQ-Clients-2 - noarch, x86_64

7Server-AMQ-Clients-2 - noarch, x86_64

7Workstation-AMQ-Clients-2 - noarch, x86_64

8Base-AMQ-Clients-2 - noarch, x86_64

Bugs Fixed

1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

ENTMQCL-1107 - [examples] Multi-process examples does not work on Windows

ENTMQCL-1150 - AMQP Python clients missing for Windows users or other users

ENTMQCL-1297 - [dotnet] .Net Framework 4.7 for AMQ Client 2.7.0

ENTMQCL-1736 - [python] Example helloworld_direct_tornado.py does not work

ENTMQCL-1737 - [python] Example helloworld_tornado.py does not work

ENTMQCL-1738 - [python] Example client_http.py does not work

ENTMQCL-1739 - [dotnet] Support AMQ .NET Client with .NET Core 3.1

ENTMQCL-1854 - [python] ApplicationEvent causing memory growth

ENTMQCL-1861 - [python] Memory leak on Container, SSL, and SSLDomain objects

ENTMQCL-1922 - [ruby] rubygem doc is not multilib-clean for x86_64 vs i686

ENTMQCL-1985 - [dotnet] TcpKeepAliveSettings do not work on Linux

ENTMQCL-761 - [python] Unable to run Proton on Windows with Python 3.6 64bit

ENTMQCL-797 - [python] Support Python 3 on Windows
