
Red Hat 2.8.0: RHSA-2020-3817-01 Moderate: AMQ Client Updates

Red Hat, September 23, 2020
The release of Red Hat AMQ Clients 2.8.0 introduces significant security enhancements and addresses previously identified bugs.
An update is now available for Red Hat AMQ Clients 2.8.0

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.
This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8.
Security Fix(es):
* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2020-11113
https://access.redhat.com/security/cve/CVE-2020-14297
https://access.redhat.com/security/cve/CVE-2020-14307
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_amq/2021.q4

Package List

6Client-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm

i386:
python-qpid-proton-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6ComputeNode-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm

noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
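As an added example (not part of the advisory and not Red Hat tooling), the following Python script checks installed RHEL 6 client packages against the fixed builds listed above. It reads lines in the form produced by rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' (here a constructed sample) and compares them with a simplified reimplementation of rpmvercmp that omits tilde and caret handling.

```python
import re

# Fixed builds taken from the RHSA-2020:3817 package list (RHEL 6 client packages).
FIXED = {
    "qpid-proton-c": ("0.32.0", "1.el6_10"),
    "qpid-proton-cpp": ("0.32.0", "1.el6_10"),
    "python-qpid-proton": ("0.32.0", "1.el6_10"),
    "qpid-cpp-client": ("1.36.0", "31.el6_10amq"),
}

def rpmvercmp(a, b):
    """Simplified rpmvercmp(): digit runs compare numerically, alpha runs lexically,
    a digit run outranks an alpha run, leftover segments win. No tilde/caret."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))

def is_fixed(name, version, release):
    """True/False for packages the advisory covers; None for any other package."""
    if name not in FIXED:
        return None
    fixed_version, fixed_release = FIXED[name]
    c = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return c >= 0

def audit(rpm_qa_output):
    # Input: lines of "NAME VERSION RELEASE"; returns (name, installed, fixed) tuples.
    outdated = []
    for line in rpm_qa_output.strip().splitlines():
        name, version, release = line.split()
        if is_fixed(name, version, release) is False:
            outdated.append((name, f"{version}-{release}", "-".join(FIXED[name])))
    return outdated

# Constructed sample for a hypothetical host (not real inventory data).
SAMPLE = """\
qpid-proton-c 0.31.0 2.el6_10
qpid-proton-cpp 0.32.0 1.el6_10
qpid-cpp-client 1.36.0 31.el6_10amq
bash 4.1.2 48.el6
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```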

Advisory ID: RHSA-2020:3817-01
Product: Red Hat AMQ Clients
Issue date: 2020-09-23

Topic

An update is now available for Red Hat AMQ Clients 2.8.0. Red Hat Product Security has rated this update as having a Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

6Client-AMQ-Clients-2 - i386, noarch, x86_64

6ComputeNode-AMQ-Clients-2 - noarch, x86_64

6Server-AMQ-Clients-2 - i386, noarch, x86_64

6Workstation-AMQ-Clients-2 - i386, noarch, x86_64

7Client-AMQ-Clients-2 - noarch, x86_64

7ComputeNode-AMQ-Clients-2 - noarch, x86_64

7Server-AMQ-Clients-2 - noarch, x86_64

7Workstation-AMQ-Clients-2 - noarch, x86_64

8Base-AMQ-Clients-2 - noarch, x86_64

Bugs Fixed

1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime

1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender

1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

ENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6

ENTMQCL-1988 - AMQ Resource Adapter example project does not run

ENTMQCL-2070 - [jms] Log successful reconnects more prominently
