Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

RHEL: RHSA-2020-4211-01 Moderate: Red Hat AMQ Interconnect 1.9.0 Release

red hat
Calendar Grey October 8, 2020
Dist Redhat Esm H88
Red Hat AMQ Interconnect version 1.9.0 has been released, providing packages for RHEL that come with a moderate level of security implications. Further details are included below.
Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ Interconnect provides flexible routing of messages between AMQP-enabled endpoints, whether they are clients, servers, brokers, or any other entity that can send or receive standard AMQP messages.
This release of Red Hat AMQ Interconnect 1.9.0 serves as a replacement for Red Hat AMQ Interconnect 1.8.0 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* jQuery: allows XSS via the load method (CVE-2020-7656)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jQuery: passing HTML containing

Topics%20covered

Topics Covered

security advisory moderate security issue software update XSS RHEL Red Hat AMQ

References

https://access.redhat.com/security/cve/CVE-2020-7656 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.interconnect&downloadType=distributions&version=1.9.0 https://access.redhat.com/documentation/en-us/red_hat_amq/

Package List

6ComputeNode-RH6-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el6_10.src.rpm
noarch: qpid-dispatch-console-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-docs-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-tools-1.13.0-3.el6_10.noarch.rpm
x86_64: qpid-dispatch-debuginfo-1.13.0-3.el6_10.x86_64.rpm qpid-dispatch-router-1.13.0-3.el6_10.x86_64.rpm
6Server-RH6-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el6_10.src.rpm
i386: qpid-dispatch-debuginfo-1.13.0-3.el6_10.i686.rpm qpid-dispatch-router-1.13.0-3.el6_10.i686.rpm
noarch: qpid-dispatch-console-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-docs-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-tools-1.13.0-3.el6_10.noarch.rpm
x86_64: qpid-dispatch-debuginfo-1.13.0-3.el6_10.x86_64.rpm qpid-dispatch-router-1.13.0-3.el6_10.x86_64.rpm
6Workstation-RH6-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el6_10.src.rpm
i386: qpid-dispatch-debuginfo-1.13.0-3.el6_10.i686.rpm qpid-dispatch-router-1.13.0-3.el6_10.i686.rpm
noarch: qpid-dispatch-console-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-docs-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-tools-1.13.0-3.el6_10.noarch.rpm
x86_64: qpid-dispatch-debuginfo-1.13.0-3.el6_10.x86_64.rpm qpid-dispatch-router-1.13.0-3.el6_10.x86_64.rpm
7ComputeNode-RH7-A-MQ-Interconnect-1:
Source:

Read the Full Advisory


Advisory ID: RHSA-2020:4211-01
Product: Red Hat JBoss AMQ Interconnect
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4211
Issue date: 2020-10-08

Topic

Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQInterconnect on RHEL 6, 7, and 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate security issue software update XSS RHEL Red Hat AMQ

Relevant Releases Architectures

6ComputeNode-RH6-A-MQ-Interconnect-1 - noarch, x86_64

6Server-RH6-A-MQ-Interconnect-1 - i386, noarch, x86_64

6Workstation-RH6-A-MQ-Interconnect-1 - i386, noarch, x86_64

7ComputeNode-RH7-A-MQ-Interconnect-1 - noarch, x86_64

7Server-RH7-A-MQ-Interconnect-1 - noarch, x86_64

7Workstation-RH7-A-MQ-Interconnect-1 - noarch, x86_64

8Base-A-MQ-Interconnect-1 - noarch, x86_64

Bugs Fixed

1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

1850004 - CVE-2020-11023 jQuery: passing HTML containing

1850119 - CVE-2020-7656 jQuery: allows XSS via the load method

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

ENTMQIC-2448 - Allow specifying address/source/target to be used for a multitenant listener

ENTMQIC-2455 - Allow AMQP open properties to be supplemented from connector configuration

ENTMQIC-2460 - Adding new config address, autolinks and link routes become slower as more get added

ENTMQIC-2481 - Unable to delete listener with http enabled

ENTMQIC-2485 - The VhostNamePatterns does not work in OCP env

ENTMQIC-2492 - router drops TransactionalState on produced messages on link routes

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here