Linux Security

    RedHat: RHSA-2020-3817:01 Moderate: AMQ Clients 2.8.0 Release

    An update is now available for Red Hat AMQ Clients 2.8.0. Red Hat Product Security has rated this update as having a Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: AMQ Clients 2.8.0 Release
    Advisory ID:       RHSA-2020:3817-01
    Product:           Red Hat AMQ Clients
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3817
    Issue date:        2020-09-23
    CVE Names:         CVE-2020-9488 CVE-2020-11113 CVE-2020-14297 
                       CVE-2020-14307 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat AMQ Clients 2.8.0.
    
    Red Hat Product Security has rated this update as having a Moderate
    security impact. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    6Client-AMQ-Clients-2 - i386, noarch, x86_64
    6ComputeNode-AMQ-Clients-2 - noarch, x86_64
    6Server-AMQ-Clients-2 - i386, noarch, x86_64
    6Workstation-AMQ-Clients-2 - i386, noarch, x86_64
    7Client-AMQ-Clients-2 - noarch, x86_64
    7ComputeNode-AMQ-Clients-2 - noarch, x86_64
    7Server-AMQ-Clients-2 - noarch, x86_64
    7Workstation-AMQ-Clients-2 - noarch, x86_64
    8Base-AMQ-Clients-2 - noarch, x86_64
    
    3. Description:
    
    Red Hat AMQ Clients enable connecting, sending, and receiving messages over
    the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.
    
    This update provides various bug fixes and enhancements in addition to the
    client package versions previously released on Red Hat Enterprise Linux 6,
    7, and 8.
    
    Security Fix(es):
    
    * jackson-databind: Serialization gadgets in
    org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
    
    * wildfly: Some EJB transaction objects may get accumulated causing Denial
    of Service (CVE-2020-14297)
    
    * wildfly: EJB SessionOpenInvocations may not be removed properly after a
    response is received causing Denial of Service (CVE-2020-14307)
    
    * log4j: improper validation of certificate with host mismatch in SMTP
    appender (CVE-2020-9488)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    For details on how to apply this update, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
    1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
    1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
    1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
    
    6. JIRA issues fixed (https://issues.jboss.org/):
    
    ENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6
    ENTMQCL-1988 - AMQ Resource Adapter example project does not run
    ENTMQCL-2070 - [jms] Log successful reconnects more prominently
    
    7. Package List:
    
    6Client-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el6_10amq.src.rpm
    qpid-proton-0.32.0-1.el6_10.src.rpm
    
    i386:
    python-qpid-proton-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
    
    6ComputeNode-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el6_10amq.src.rpm
    qpid-proton-0.32.0-1.el6_10.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
    
    6Server-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el6_10amq.src.rpm
    qpid-proton-0.32.0-1.el6_10.src.rpm
    
    i386:
    python-qpid-proton-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
    
    6Workstation-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el6_10amq.src.rpm
    qpid-proton-0.32.0-1.el6_10.src.rpm
    
    i386:
    python-qpid-proton-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
    
    7Client-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el7amq.src.rpm
    qpid-proton-0.32.0-2.el7.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-tests-0.32.0-2.el7.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-2.el7.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
    qpid-proton-c-0.32.0-2.el7.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
    
    7ComputeNode-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el7amq.src.rpm
    qpid-proton-0.32.0-2.el7.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-tests-0.32.0-2.el7.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-2.el7.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
    qpid-proton-c-0.32.0-2.el7.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
    
    7Server-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el7amq.src.rpm
    qpid-proton-0.32.0-2.el7.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-tests-0.32.0-2.el7.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-2.el7.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
    qpid-proton-c-0.32.0-2.el7.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
    
    7Workstation-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el7amq.src.rpm
    qpid-proton-0.32.0-2.el7.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-tests-0.32.0-2.el7.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-2.el7.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
    qpid-proton-c-0.32.0-2.el7.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
    
    8Base-AMQ-Clients-2:
    
    Source:
    nodejs-rhea-1.0.24-1.el8.src.rpm
    qpid-proton-0.32.0-2.el8.src.rpm
    
    noarch:
    nodejs-rhea-1.0.24-1.el8.noarch.rpm
    python-qpid-proton-docs-0.32.0-2.el8.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el8.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el8.noarch.rpm
    qpid-proton-tests-0.32.0-2.el8.noarch.rpm
    
    x86_64:
    python3-qpid-proton-0.32.0-2.el8.x86_64.rpm
    python3-qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm
    qpid-proton-c-0.32.0-2.el8.x86_64.rpm
    qpid-proton-c-debuginfo-0.32.0-2.el8.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el8.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el8.x86_64.rpm
    qpid-proton-cpp-debuginfo-0.32.0-2.el8.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el8.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm
    qpid-proton-debugsource-0.32.0-2.el8.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el8.x86_64.rpm
    rubygem-qpid_proton-debuginfo-0.32.0-2.el8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    8. References:
    
    https://access.redhat.com/security/cve/CVE-2020-9488
    https://access.redhat.com/security/cve/CVE-2020-11113
    https://access.redhat.com/security/cve/CVE-2020-14297
    https://access.redhat.com/security/cve/CVE-2020-14307
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/documentation/en-us/red_hat_amq
    
    9. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
