RedHat: RHSA-2020-3817:01 Moderate: AMQ Clients 2.8.0 Release
Summary
Red Hat AMQ Clients enable connecting, sending, and receiving messages over
the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.
This update provides various bug fixes and enhancements in addition to the
client package versions previously released on Red Hat Enterprise Linux 6,
7, and 8.
Security Fix(es):
* jackson-databind: Serialization gadgets in
org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* wildfly: Some EJB transaction objects may get accumulated causing Denial
of Service (CVE-2020-14297)
* wildfly: EJB SessionOpenInvocations may not be removed properly after a
response is received causing Denial of Service (CVE-2020-14307)
* log4j: improper validation of certificate with host mismatch in SMTP
appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2020-11113
https://access.redhat.com/security/cve/CVE-2020-14297
https://access.redhat.com/security/cve/CVE-2020-14307
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_amq
Package List
6Client-AMQ-Clients-2:
Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm
i386:
python-qpid-proton-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm
noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
x86_64:
python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
6ComputeNode-AMQ-Clients-2:
Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm
noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
x86_64:
python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
6Server-AMQ-Clients-2:
Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm
i386:
python-qpid-proton-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm
noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
x86_64:
python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
6Workstation-AMQ-Clients-2:
Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm
i386:
python-qpid-proton-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm
noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
x86_64:
python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
7Client-AMQ-Clients-2:
Source:
qpid-cpp-1.36.0-31.el7amq.src.rpm
qpid-proton-0.32.0-2.el7.src.rpm
noarch:
python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-tests-0.32.0-2.el7.noarch.rpm
x86_64:
python-qpid-proton-0.32.0-2.el7.x86_64.rpm
qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
qpid-proton-c-0.32.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
7ComputeNode-AMQ-Clients-2:
Source:
qpid-cpp-1.36.0-31.el7amq.src.rpm
qpid-proton-0.32.0-2.el7.src.rpm
noarch:
python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-tests-0.32.0-2.el7.noarch.rpm
x86_64:
python-qpid-proton-0.32.0-2.el7.x86_64.rpm
qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
qpid-proton-c-0.32.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
7Server-AMQ-Clients-2:
Source:
qpid-cpp-1.36.0-31.el7amq.src.rpm
qpid-proton-0.32.0-2.el7.src.rpm
noarch:
python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-tests-0.32.0-2.el7.noarch.rpm
x86_64:
python-qpid-proton-0.32.0-2.el7.x86_64.rpm
qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
qpid-proton-c-0.32.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
7Workstation-AMQ-Clients-2:
Source:
qpid-cpp-1.36.0-31.el7amq.src.rpm
qpid-proton-0.32.0-2.el7.src.rpm
noarch:
python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-tests-0.32.0-2.el7.noarch.rpm
x86_64:
python-qpid-proton-0.32.0-2.el7.x86_64.rpm
qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
qpid-proton-c-0.32.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
8Base-AMQ-Clients-2:
Source:
nodejs-rhea-1.0.24-1.el8.src.rpm
qpid-proton-0.32.0-2.el8.src.rpm
noarch:
nodejs-rhea-1.0.24-1.el8.noarch.rpm
python-qpid-proton-docs-0.32.0-2.el8.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el8.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el8.noarch.rpm
qpid-proton-tests-0.32.0-2.el8.noarch.rpm
x86_64:
python3-qpid-proton-0.32.0-2.el8.x86_64.rpm
python3-qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm
qpid-proton-c-0.32.0-2.el8.x86_64.rpm
qpid-proton-c-debuginfo-0.32.0-2.el8.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el8.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el8.x86_64.rpm
qpid-proton-cpp-debuginfo-0.32.0-2.el8.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el8.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm
qpid-proton-debugsource-0.32.0-2.el8.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el8.x86_64.rpm
rubygem-qpid_proton-debuginfo-0.32.0-2.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update is now available for Red Hat AMQ Clients 2.8.0.
Red Hat Product Security has rated this update as having a Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Relevant Releases Architectures
6Client-AMQ-Clients-2 - i386, noarch, x86_64
6ComputeNode-AMQ-Clients-2 - noarch, x86_64
6Server-AMQ-Clients-2 - i386, noarch, x86_64
6Workstation-AMQ-Clients-2 - i386, noarch, x86_64
7Client-AMQ-Clients-2 - noarch, x86_64
7ComputeNode-AMQ-Clients-2 - noarch, x86_64
7Server-AMQ-Clients-2 - noarch, x86_64
7Workstation-AMQ-Clients-2 - noarch, x86_64
8Base-AMQ-Clients-2 - noarch, x86_64
Bugs Fixed
1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
JIRA issues fixed (https://issues.redhat.com/):
ENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6
ENTMQCL-1988 - AMQ Resource Adapter example project does not run
ENTMQCL-2070 - [jms] Log successful reconnects more prominently