-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update
Advisory ID:       RHSA-2020:4211-01
Product:           Red Hat JBoss AMQ Interconnect
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4211
Issue date:        2020-10-08
CVE Names:         CVE-2020-7656 CVE-2020-11022 CVE-2020-11023 
====================================================================
1. Summary:

Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ
Interconnect on RHEL 6, 7, and 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

6ComputeNode-RH6-A-MQ-Interconnect-1 - noarch, x86_64
6Server-RH6-A-MQ-Interconnect-1 - i386, noarch, x86_64
6Workstation-RH6-A-MQ-Interconnect-1 - i386, noarch, x86_64
7ComputeNode-RH7-A-MQ-Interconnect-1 - noarch, x86_64
7Server-RH7-A-MQ-Interconnect-1 - noarch, x86_64
7Workstation-RH7-A-MQ-Interconnect-1 - noarch, x86_64
8Base-A-MQ-Interconnect-1 - noarch, x86_64

3. Description:

Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ
Interconnect provides flexible routing of messages between AMQP-enabled
endpoints, whether they are clients, servers, brokers, or any other entity
that can send or receive standard AMQP messages.

This release of Red Hat AMQ Interconnect 1.9.0 serves as a replacement for
Red Hat AMQ Interconnect 1.8.0 and includes security and bug fixes, and
enhancements.  For further information, refer to the release notes linked
to in the References section.

Security Fix(es):

* jQuery: allows XSS via the load method (CVE-2020-7656)

* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter
method (CVE-2020-11022)

* jQuery: passing HTML containing

RedHat: RHSA-2020-4211:01 Moderate: Red Hat AMQ Interconnect 1.9.0 release

Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8

Summary

Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ Interconnect provides flexible routing of messages between AMQP-enabled endpoints, whether they are clients, servers, brokers, or any other entity that can send or receive standard AMQP messages.
This release of Red Hat AMQ Interconnect 1.9.0 serves as a replacement for Red Hat AMQ Interconnect 1.8.0 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* jQuery: allows XSS via the load method (CVE-2020-7656)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jQuery: passing HTML containing

Summary

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2020-7656 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.interconnect&downloadType=distributions&version=1.9.0 https://access.redhat.com/documentation/en-us/red_hat_amq/

Package List

6ComputeNode-RH6-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el6_10.src.rpm
noarch: qpid-dispatch-console-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-docs-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-tools-1.13.0-3.el6_10.noarch.rpm
x86_64: qpid-dispatch-debuginfo-1.13.0-3.el6_10.x86_64.rpm qpid-dispatch-router-1.13.0-3.el6_10.x86_64.rpm
6Server-RH6-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el6_10.src.rpm
i386: qpid-dispatch-debuginfo-1.13.0-3.el6_10.i686.rpm qpid-dispatch-router-1.13.0-3.el6_10.i686.rpm
noarch: qpid-dispatch-console-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-docs-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-tools-1.13.0-3.el6_10.noarch.rpm
x86_64: qpid-dispatch-debuginfo-1.13.0-3.el6_10.x86_64.rpm qpid-dispatch-router-1.13.0-3.el6_10.x86_64.rpm
6Workstation-RH6-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el6_10.src.rpm
i386: qpid-dispatch-debuginfo-1.13.0-3.el6_10.i686.rpm qpid-dispatch-router-1.13.0-3.el6_10.i686.rpm
noarch: qpid-dispatch-console-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-docs-1.13.0-3.el6_10.noarch.rpm qpid-dispatch-tools-1.13.0-3.el6_10.noarch.rpm
x86_64: qpid-dispatch-debuginfo-1.13.0-3.el6_10.x86_64.rpm qpid-dispatch-router-1.13.0-3.el6_10.x86_64.rpm
7ComputeNode-RH7-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el7.src.rpm
noarch: qpid-dispatch-console-1.13.0-3.el7.noarch.rpm qpid-dispatch-docs-1.13.0-3.el7.noarch.rpm qpid-dispatch-tools-1.13.0-3.el7.noarch.rpm
x86_64: qpid-dispatch-debuginfo-1.13.0-3.el7.x86_64.rpm qpid-dispatch-router-1.13.0-3.el7.x86_64.rpm
7Server-RH7-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el7.src.rpm
noarch: qpid-dispatch-console-1.13.0-3.el7.noarch.rpm qpid-dispatch-docs-1.13.0-3.el7.noarch.rpm qpid-dispatch-tools-1.13.0-3.el7.noarch.rpm
x86_64: qpid-dispatch-debuginfo-1.13.0-3.el7.x86_64.rpm qpid-dispatch-router-1.13.0-3.el7.x86_64.rpm
7Workstation-RH7-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el7.src.rpm
noarch: qpid-dispatch-console-1.13.0-3.el7.noarch.rpm qpid-dispatch-docs-1.13.0-3.el7.noarch.rpm qpid-dispatch-tools-1.13.0-3.el7.noarch.rpm
x86_64: qpid-dispatch-debuginfo-1.13.0-3.el7.x86_64.rpm qpid-dispatch-router-1.13.0-3.el7.x86_64.rpm
8Base-A-MQ-Interconnect-1:
Source: qpid-dispatch-1.13.0-3.el8.src.rpm
noarch: qpid-dispatch-console-1.13.0-3.el8.noarch.rpm qpid-dispatch-docs-1.13.0-3.el8.noarch.rpm qpid-dispatch-tools-1.13.0-3.el8.noarch.rpm
x86_64: qpid-dispatch-debugsource-1.13.0-3.el8.x86_64.rpm qpid-dispatch-router-1.13.0-3.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.13.0-3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity

Advisory ID: RHSA-2020:4211-01

Product: Red Hat JBoss AMQ Interconnect

Advisory URL: https://access.redhat.com/errata/RHSA-2020:4211

Issued Date: : 2020-10-08

CVE Names: CVE-2020-7656 CVE-2020-11022 CVE-2020-11023

Topic

Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQInterconnect on RHEL 6, 7, and 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.