Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat 7: RHSA-2021:1511-01 Moderate: Information Disclosure Threat

red hat
Calendar Grey May 6, 2021
Dist Redhat Esm H88
The release of Red Hat AMQ Clients 2.9.1 introduces important security enhancements addressing vulnerabilities related to data exposure and request manipulation.
An update is now available for Red Hat AMQ Clients 2.9.1

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.
This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 7 and 8.
Security Fix(es):
* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory security update update moderate severity information disclosure request smuggling Red Hat 7 security impact moderate Red Hat AMQ Clients AMQ Clients

References

https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_amq/

Package List

7Client-AMQ-Clients-2:
Source: qpid-proton-0.33.0-6.el7_9.src.rpm
noarch: python-qpid-proton-docs-0.33.0-6.el7_9.noarch.rpm qpid-proton-c-docs-0.33.0-6.el7_9.noarch.rpm qpid-proton-cpp-docs-0.33.0-6.el7_9.noarch.rpm qpid-proton-tests-0.33.0-6.el7_9.noarch.rpm
x86_64: python-qpid-proton-0.33.0-6.el7_9.x86_64.rpm qpid-proton-c-0.33.0-6.el7_9.x86_64.rpm qpid-proton-c-devel-0.33.0-6.el7_9.x86_64.rpm qpid-proton-cpp-0.33.0-6.el7_9.x86_64.rpm qpid-proton-cpp-devel-0.33.0-6.el7_9.x86_64.rpm qpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm rubygem-qpid_proton-0.33.0-6.el7_9.x86_64.rpm
7ComputeNode-AMQ-Clients-2:
Source: qpid-proton-0.33.0-6.el7_9.src.rpm
noarch: python-qpid-proton-docs-0.33.0-6.el7_9.noarch.rpm qpid-proton-c-docs-0.33.0-6.el7_9.noarch.rpm qpid-proton-cpp-docs-0.33.0-6.el7_9.noarch.rpm qpid-proton-tests-0.33.0-6.el7_9.noarch.rpm
x86_64: python-qpid-proton-0.33.0-6.el7_9.x86_64.rpm qpid-proton-c-0.33.0-6.el7_9.x86_64.rpm qpid-proton-c-devel-0.33.0-6.el7_9.x86_64.rpm qpid-proton-cpp-0.33.0-6.el7_9.x86_64.rpm qpid-proton-cpp-devel-0.33.0-6.el7_9.x86_64.rpm qpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm rubygem-qpid_proton-0.33.0-6.el7_9.x86_64.rpm
7Server-AMQ-Clients-2:
Source: qpid-proton-0.33.0-6.el7_9.src.rpm
noarch:

Read the Full Advisory


Advisory ID: RHSA-2021:1511-01
Product: Red Hat AMQ Clients
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1511
Issue date: 2021-05-06

Topic

An update is now available for Red Hat AMQ Clients 2.9.1.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update update moderate severity information disclosure request smuggling Red Hat 7 security impact moderate Red Hat AMQ Clients AMQ Clients

Relevant Releases Architectures

7Client-AMQ-Clients-2 - noarch, x86_64

7ComputeNode-AMQ-Clients-2 - noarch, x86_64

7Server-AMQ-Clients-2 - noarch, x86_64

7Workstation-AMQ-Clients-2 - noarch, x86_64

8Base-AMQ-Clients-2 - noarch, x86_64

Bugs Fixed

1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory

1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation

1944888 - CVE-2021-21409 netty: Request smuggling via content-length header

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

ENTMQCL-2586 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory [amq-cl-2]

ENTMQCL-2596 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation [amq-cl-2]

ENTMQCL-2685 - CVE-2021-21409 netty: Request smuggling via content-length header [amq-cl-2]

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here