Linux Security

    RedHat: RHSA-2020-3817:01 Moderate: AMQ Clients 2.8.0 Release

    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: AMQ Clients 2.8.0 Release
    Advisory ID:       RHSA-2020:3817-01
    Product:           Red Hat AMQ Clients
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3817
    Issue date:        2020-09-23
    CVE Names:         CVE-2020-9488 CVE-2020-11113 CVE-2020-14297 
                       CVE-2020-14307 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat AMQ Clients 2.8.0.
    
    Red Hat Product Security has rated this update as having a Moderate
    security impact. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    6Client-AMQ-Clients-2 - i386, noarch, x86_64
    6ComputeNode-AMQ-Clients-2 - noarch, x86_64
    6Server-AMQ-Clients-2 - i386, noarch, x86_64
    6Workstation-AMQ-Clients-2 - i386, noarch, x86_64
    7Client-AMQ-Clients-2 - noarch, x86_64
    7ComputeNode-AMQ-Clients-2 - noarch, x86_64
    7Server-AMQ-Clients-2 - noarch, x86_64
    7Workstation-AMQ-Clients-2 - noarch, x86_64
    8Base-AMQ-Clients-2 - noarch, x86_64
    
    3. Description:
    
    Red Hat AMQ Clients enable connecting, sending, and receiving messages over
    the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.
    
    This update provides various bug fixes and enhancements in addition to the
    client package versions previously released on Red Hat Enterprise Linux 6,
    7, and 8.
    
    Security Fix(es):
    
    * jackson-databind: Serialization gadgets in
    org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
    
    * wildfly: Some EJB transaction objects may get accumulated causing Denial
    of Service (CVE-2020-14297)
    
    * wildfly: EJB SessionOpenInvocations may not be removed properly after a
    response is received causing Denial of Service (CVE-2020-14307)
    
    * log4j: improper validation of certificate with host mismatch in SMTP
    appender (CVE-2020-9488)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    For details on how to apply this update, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
    1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
    1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
    1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
    
    6. JIRA issues fixed (https://issues.jboss.org/):
    
    ENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6
    ENTMQCL-1988 - AMQ Resource Adapter example project does not run
    ENTMQCL-2070 - [jms] Log successful reconnects more prominently
    
    7. Package List:
    
    6Client-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el6_10amq.src.rpm
    qpid-proton-0.32.0-1.el6_10.src.rpm
    
    i386:
    python-qpid-proton-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
    
    6ComputeNode-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el6_10amq.src.rpm
    qpid-proton-0.32.0-1.el6_10.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
    
    6Server-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el6_10amq.src.rpm
    qpid-proton-0.32.0-1.el6_10.src.rpm
    
    i386:
    python-qpid-proton-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
    
    6Workstation-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el6_10amq.src.rpm
    qpid-proton-0.32.0-1.el6_10.src.rpm
    
    i386:
    python-qpid-proton-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-0.32.0-1.el6_10.i686.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
    qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
    qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm
    
    7Client-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el7amq.src.rpm
    qpid-proton-0.32.0-2.el7.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-tests-0.32.0-2.el7.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-2.el7.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
    qpid-proton-c-0.32.0-2.el7.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
    
    7ComputeNode-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el7amq.src.rpm
    qpid-proton-0.32.0-2.el7.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-tests-0.32.0-2.el7.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-2.el7.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
    qpid-proton-c-0.32.0-2.el7.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
    
    7Server-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el7amq.src.rpm
    qpid-proton-0.32.0-2.el7.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-tests-0.32.0-2.el7.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-2.el7.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
    qpid-proton-c-0.32.0-2.el7.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
    
    7Workstation-AMQ-Clients-2:
    
    Source:
    qpid-cpp-1.36.0-31.el7amq.src.rpm
    qpid-proton-0.32.0-2.el7.src.rpm
    
    noarch:
    python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
    qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
    qpid-proton-tests-0.32.0-2.el7.noarch.rpm
    
    x86_64:
    python-qpid-proton-0.32.0-2.el7.x86_64.rpm
    qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
    qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
    qpid-proton-c-0.32.0-2.el7.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm
    
    8Base-AMQ-Clients-2:
    
    Source:
    nodejs-rhea-1.0.24-1.el8.src.rpm
    qpid-proton-0.32.0-2.el8.src.rpm
    
    noarch:
    nodejs-rhea-1.0.24-1.el8.noarch.rpm
    python-qpid-proton-docs-0.32.0-2.el8.noarch.rpm
    qpid-proton-c-docs-0.32.0-2.el8.noarch.rpm
    qpid-proton-cpp-docs-0.32.0-2.el8.noarch.rpm
    qpid-proton-tests-0.32.0-2.el8.noarch.rpm
    
    x86_64:
    python3-qpid-proton-0.32.0-2.el8.x86_64.rpm
    python3-qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm
    qpid-proton-c-0.32.0-2.el8.x86_64.rpm
    qpid-proton-c-debuginfo-0.32.0-2.el8.x86_64.rpm
    qpid-proton-c-devel-0.32.0-2.el8.x86_64.rpm
    qpid-proton-cpp-0.32.0-2.el8.x86_64.rpm
    qpid-proton-cpp-debuginfo-0.32.0-2.el8.x86_64.rpm
    qpid-proton-cpp-devel-0.32.0-2.el8.x86_64.rpm
    qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm
    qpid-proton-debugsource-0.32.0-2.el8.x86_64.rpm
    rubygem-qpid_proton-0.32.0-2.el8.x86_64.rpm
    rubygem-qpid_proton-debuginfo-0.32.0-2.el8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    8. References:
    
    https://access.redhat.com/security/cve/CVE-2020-9488
    https://access.redhat.com/security/cve/CVE-2020-11113
    https://access.redhat.com/security/cve/CVE-2020-14297
    https://access.redhat.com/security/cve/CVE-2020-14307
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/documentation/en-us/red_hat_amq
    
    9. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
