Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
98
security advisoryRed Hatbug fixRHEL-6: Qpid Moderate Security Update RHSA-2015:0707-01 CVE-2015-0203 DoS Threat
Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: qpid security and bug fix update Advisory ID: RHSA-2015:0707-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://access.redhat.com/errata/RHSA-2015:0707.html Issue date: 2015-03-19 CVE Names: CVE-2015-0203 CVE-2015-0223 CVE-2015-0224 ==================================================================== 1. Summary: Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat MRG Messaging for RHEL 6 Server v.3 - i386, noarch, x86_64 3. Description: Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating Messaging, Real Time, and Grid functionality. It offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP (Advanced Message Queuing Protocol), an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes AMQP messaging broker; AMQPclient libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools. It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed. (CVE-2015-0223) A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set that could use this flaw to crash qpidd. (CVE-2015-0203, CVE-2015-0224) Red Hat would like to thank the Apache Software Foundation for reporting the CVE-2015-0203 issue. Upstream acknowledges G. Geshev from MWR Labs as the original reporter. This update also fixes the following bugs: * Previously, the neutron messaging client rewrote (by method of "monkey-patching") the python selector module to support eventlet threading. The rewritten client did not update select.poll() during this process, which is used by qpid-python to manage I/O. This resulted in poll() deadlocks and neutron server hangs. The fix introduces updates to the python-qpid library that avoid calling poll() if eventlet threading is detected. Instead, the eventlet-aware select() is called, which prevents deadlocks from occurring and corrects the originally reported issue. (BZ#1175872) * It was discovered that the QPID Broker aborted with an uncaught UnknownExchangeTypeException when the client attempted to request an unsupported exchange type. The code for the Exchange Registry and Node Policy has been improved to prevent this issue from happening again. (BZ#1186694) Users of the Messaging capabilities of Red Hat Enterprise MRG 3, which is layered on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 1175872 - [RHEL 6]neutron-server gets stuck in poll python-qpid 0.22 1181721 - CVE-2015-0203 qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling 1186302 - CVE-2015-0224 qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix) 1186308 - CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented 6. Package List: Red Hat MRG Messaging for RHEL 6 Serverv.3: Source: python-qpid-0.22-19.el6.src.rpm qpid-cpp-0.22-51.el6.src.rpm qpid-qmf-0.22-41.el6.src.rpm i386: python-qpid-qmf-0.22-41.el6.i686.rpm qpid-cpp-client-0.22-51.el6.i686.rpm qpid-cpp-client-devel-0.22-51.el6.i686.rpm qpid-cpp-client-rdma-0.22-51.el6.i686.rpm qpid-cpp-debuginfo-0.22-51.el6.i686.rpm qpid-cpp-server-0.22-51.el6.i686.rpm qpid-cpp-server-devel-0.22-51.el6.i686.rpm qpid-cpp-server-ha-0.22-51.el6.i686.rpm qpid-cpp-server-linearstore-0.22-51.el6.i686.rpm qpid-cpp-server-rdma-0.22-51.el6.i686.rpm qpid-cpp-server-xml-0.22-51.el6.i686.rpm qpid-qmf-0.22-41.el6.i686.rpm qpid-qmf-debuginfo-0.22-41.el6.i686.rpm qpid-qmf-devel-0.22-41.el6.i686.rpm ruby-qpid-qmf-0.22-41.el6.i686.rpm noarch: python-qpid-0.22-19.el6.noarch.rpm qpid-cpp-client-devel-docs-0.22-51.el6.noarch.rpm x86_64: python-qpid-qmf-0.22-41.el6.x86_64.rpm qpid-cpp-client-0.22-51.el6.i686.rpm qpid-cpp-client-0.22-51.el6.x86_64.rpm qpid-cpp-client-devel-0.22-51.el6.x86_64.rpm qpid-cpp-client-rdma-0.22-51.el6.x86_64.rpm qpid-cpp-debuginfo-0.22-51.el6.i686.rpm qpid-cpp-debuginfo-0.22-51.el6.x86_64.rpm qpid-cpp-server-0.22-51.el6.i686.rpm qpid-cpp-server-0.22-51.el6.x86_64.rpm qpid-cpp-server-devel-0.22-51.el6.x86_64.rpm qpid-cpp-server-ha-0.22-51.el6.x86_64.rpm qpid-cpp-server-linearstore-0.22-51.el6.x86_64.rpm qpid-cpp-server-rdma-0.22-51.el6.x86_64.rpm qpid-cpp-server-xml-0.22-51.el6.x86_64.rpm qpid-qmf-0.22-41.el6.i686.rpm qpid-qmf-0.22-41.el6.x86_64.rpm qpid-qmf-debuginfo-0.22-41.el6.i686.rpm qpid-qmf-debuginfo-0.22-41.el6.x86_64.rpm qpid-qmf-devel-0.22-41.el6.x86_64.rpm ruby-qpid-qmf-0.22-41.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0203 https://access.redhat.com/security/cve/CVE-2015-0223 https://access.redhat.com/security/cve/CVE-2015-0224 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: TheRed Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVCwRCXlSAg2UNWIIRAgkSAKCd5bKYzI1QrUjAk1nt684p1lSNSwCfVFpg UDSulxhPPPrDYPpnJIuZedo=lM9F -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Mar 19, 2015
Red Hat
98
security advisorymoderatesecurity issueRed Hat Enterprise MRG 6 RHSA-2015:0707-01 qpid Moderate DoS Threat
Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: qpid security and bug fix update Advisory ID: RHSA-2015:0707-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://access.redhat.com/errata/RHSA-2015:0707.html Issue date: 2015-03-19 CVE Names: CVE-2015-0203 CVE-2015-0223 CVE-2015-0224 ==================================================================== 1. Summary: Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat MRG Messaging for RHEL 6 Server v.3 - i386, noarch, x86_64 3. Description: Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating Messaging, Real Time, and Grid functionality. It offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP (Advanced Message Queuing Protocol), an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes AMQP messaging broker; AMQP client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools. It wasdiscovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed. (CVE-2015-0223) A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set that could use this flaw to crash qpidd. (CVE-2015-0203, CVE-2015-0224) Red Hat would like to thank the Apache Software Foundation for reporting the CVE-2015-0203 issue. Upstream acknowledges G. Geshev from MWR Labs as the original reporter. This update also fixes the following bugs: * Previously, the neutron messaging client rewrote (by method of "monkey-patching") the python selector module to support eventlet threading. The rewritten client did not update select.poll() during this process, which is used by qpid-python to manage I/O. This resulted in poll() deadlocks and neutron server hangs. The fix introduces updates to the python-qpid library that avoid calling poll() if eventlet threading is detected. Instead, the eventlet-aware select() is called, which prevents deadlocks from occurring and corrects the originally reported issue. (BZ#1175872) * It was discovered that the QPID Broker aborted with an uncaught UnknownExchangeTypeException when the client attempted to request an unsupported exchange type. The code for the Exchange Registry and Node Policy has been improved to prevent this issue from happening again. (BZ#1186694) Users of the Messaging capabilities of Red Hat Enterprise MRG 3, which is layered on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1175872 - [RHEL 6]neutron-server gets stuck in poll python-qpid 0.22 1181721 - CVE-2015-0203 qpid-cpp: 3 qpiddDoS issues in AMQP 0-10 protocol handling 1186302 - CVE-2015-0224 qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix) 1186308 - CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented 6. Package List: Red Hat MRG Messaging for RHEL 6 Server v.3: Source: python-qpid-0.22-19.el6.src.rpm qpid-cpp-0.22-51.el6.src.rpm qpid-qmf-0.22-41.el6.src.rpm i386: python-qpid-qmf-0.22-41.el6.i686.rpm qpid-cpp-client-0.22-51.el6.i686.rpm qpid-cpp-client-devel-0.22-51.el6.i686.rpm qpid-cpp-client-rdma-0.22-51.el6.i686.rpm qpid-cpp-debuginfo-0.22-51.el6.i686.rpm qpid-cpp-server-0.22-51.el6.i686.rpm qpid-cpp-server-devel-0.22-51.el6.i686.rpm qpid-cpp-server-ha-0.22-51.el6.i686.rpm qpid-cpp-server-linearstore-0.22-51.el6.i686.rpm qpid-cpp-server-rdma-0.22-51.el6.i686.rpm qpid-cpp-server-xml-0.22-51.el6.i686.rpm qpid-qmf-0.22-41.el6.i686.rpm qpid-qmf-debuginfo-0.22-41.el6.i686.rpm qpid-qmf-devel-0.22-41.el6.i686.rpm ruby-qpid-qmf-0.22-41.el6.i686.rpm noarch: python-qpid-0.22-19.el6.noarch.rpm qpid-cpp-client-devel-docs-0.22-51.el6.noarch.rpm x86_64: python-qpid-qmf-0.22-41.el6.x86_64.rpm qpid-cpp-client-0.22-51.el6.i686.rpm qpid-cpp-client-0.22-51.el6.x86_64.rpm qpid-cpp-client-devel-0.22-51.el6.x86_64.rpm qpid-cpp-client-rdma-0.22-51.el6.x86_64.rpm qpid-cpp-debuginfo-0.22-51.el6.i686.rpm qpid-cpp-debuginfo-0.22-51.el6.x86_64.rpm qpid-cpp-server-0.22-51.el6.i686.rpm qpid-cpp-server-0.22-51.el6.x86_64.rpm qpid-cpp-server-devel-0.22-51.el6.x86_64.rpm qpid-cpp-server-ha-0.22-51.el6.x86_64.rpm qpid-cpp-server-linearstore-0.22-51.el6.x86_64.rpm qpid-cpp-server-rdma-0.22-51.el6.x86_64.rpm qpid-cpp-server-xml-0.22-51.el6.x86_64.rpm qpid-qmf-0.22-41.el6.i686.rpm qpid-qmf-0.22-41.el6.x86_64.rpm qpid-qmf-debuginfo-0.22-41.el6.i686.rpm qpid-qmf-debuginfo-0.22-41.el6.x86_64.rpm qpid-qmf-devel-0.22-41.el6.x86_64.rpm ruby-qpid-qmf-0.22-41.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2015-0203 https://access.redhat.com/security/cve/CVE-2015-0223 https://access.redhat.com/security/cve/CVE-2015-0224 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. . Updated qpid components tackle security weaknesses in Red Hat Enterprise MRG 3, categorized with a medium risk rating.. Red Hat Enterprise MRG,Qpid Update,Security Assessment,Messaging Services. . LinuxSecurity.com Team
Mar 19, 2015
Red Hat
98
security advisorymoderatedenial of serviceRed Hat 7 RHSA-2015:0708-01 Moderate: Qpid Denial of Service Issues
Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: qpid security and bug fix update Advisory ID: RHSA-2015:0708-01 Product: Red Hat Enterprise MRG for RHEL-7 Advisory URL: https://access.redhat.com/errata/RHSA-2015:0708.html Issue date: 2015-03-19 CVE Names: CVE-2015-0203 CVE-2015-0223 CVE-2015-0224 ==================================================================== 1. Summary: Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat MRG Messaging v.3 for RHEL-7 - i386, noarch, x86_64 3. Description: Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating Messaging, Real Time, and Grid functionality. It offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP (Advanced Message Queuing Protocol), an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes AMQP messaging broker; AMQP client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools. It was discoveredthat the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed. (CVE-2015-0223) A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set that could use this flaw to crash qpidd. (CVE-2015-0203, CVE-2015-0224) Red Hat would like to thank the Apache Software Foundation for reporting the CVE-2015-0203 issue. Upstream acknowledges G. Geshev from MWR Labs as the original reporter. This update also fixes the following bugs: * Previously, the neutron messaging client rewrote (by method of "monkey-patching") the python selector module to support eventlet threading. The rewritten client did not update select.poll() during this process, which is used by qpid-python to manage I/O. This resulted in poll() deadlocks and neutron server hangs. The fix introduces updates to the python-qpid library that avoid calling poll() if eventlet threading is detected. Instead, the eventlet-aware select() is called, which prevents deadlocks from occurring and corrects the originally reported issue. (BZ#1175872) * It was discovered that the QPID Broker aborted with an uncaught UnknownExchangeTypeException when the client attempted to request an unsupported exchange type. The code for the Exchange Registry and Node Policy has been improved to prevent this issue from happening again. (BZ#1186694) Users of the Messaging capabilities of Red Hat Enterprise MRG 3, which is layered on Red Hat Enterprise Linux 7, are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1181721 - CVE-2015-0203 qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling 1186302 - CVE-2015-0224 qpid-cpp: AMQP0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix) 1186308 - CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented 6. Package List: Red Hat MRG Messaging v.3 for RHEL-7: Source: libdb-5.3.21-17.el7_0.1.src.rpm python-qpid-0.22-19.el7.src.rpm qpid-cpp-0.22-51.el7.src.rpm qpid-qmf-0.22-41.el7.src.rpm i386: python-qpid-qmf-0.22-41.el7.i686.rpm qpid-cpp-client-0.22-51.el7.i686.rpm qpid-cpp-client-devel-0.22-51.el7.i686.rpm qpid-cpp-client-rdma-0.22-51.el7.i686.rpm qpid-cpp-debuginfo-0.22-51.el7.i686.rpm qpid-cpp-server-0.22-51.el7.i686.rpm qpid-cpp-server-devel-0.22-51.el7.i686.rpm qpid-cpp-server-ha-0.22-51.el7.i686.rpm qpid-cpp-server-linearstore-0.22-51.el7.i686.rpm qpid-cpp-server-rdma-0.22-51.el7.i686.rpm qpid-qmf-0.22-41.el7.i686.rpm qpid-qmf-debuginfo-0.22-41.el7.i686.rpm qpid-qmf-devel-0.22-41.el7.i686.rpm ruby-qpid-qmf-0.22-41.el7.i686.rpm noarch: python-qpid-0.22-19.el7.noarch.rpm qpid-cpp-client-devel-docs-0.22-51.el7.noarch.rpm x86_64: libdb-cxx-5.3.21-17.el7_0.1.x86_64.rpm libdb-cxx-devel-5.3.21-17.el7_0.1.x86_64.rpm libdb-debuginfo-5.3.21-17.el7_0.1.x86_64.rpm python-qpid-qmf-0.22-41.el7.x86_64.rpm qpid-cpp-client-0.22-51.el7.i686.rpm qpid-cpp-client-0.22-51.el7.x86_64.rpm qpid-cpp-client-devel-0.22-51.el7.x86_64.rpm qpid-cpp-client-rdma-0.22-51.el7.x86_64.rpm qpid-cpp-debuginfo-0.22-51.el7.i686.rpm qpid-cpp-debuginfo-0.22-51.el7.x86_64.rpm qpid-cpp-server-0.22-51.el7.i686.rpm qpid-cpp-server-0.22-51.el7.x86_64.rpm qpid-cpp-server-devel-0.22-51.el7.x86_64.rpm qpid-cpp-server-ha-0.22-51.el7.x86_64.rpm qpid-cpp-server-linearstore-0.22-51.el7.x86_64.rpm qpid-cpp-server-rdma-0.22-51.el7.x86_64.rpm qpid-qmf-0.22-41.el7.i686.rpm qpid-qmf-0.22-41.el7.x86_64.rpm qpid-qmf-debuginfo-0.22-41.el7.i686.rpm qpid-qmf-debuginfo-0.22-41.el7.x86_64.rpm qpid-qmf-devel-0.22-41.el7.x86_64.rpm ruby-qpid-qmf-0.22-41.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2015-0203 https://access.redhat.com/security/cve/CVE-2015-0223 https://access.redhat.com/security/cve/CVE-2015-0224 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. . Revised qpid software for Red Hat addresses several issues; classified as Moderate security threat by Red Hat Security Team.. Red Hat Enterprise MRG, qpid update, AMQP protocol, messaging security. . LinuxSecurity.com Team
Mar 19, 2015
Red Hat
200
security advisorymoderatebug fixScientific Linux 6: 2012-09-19 Moderate: qpid Connection Limit Issue
Moderate: qpid security, bug fix, and enhancement update. Date: Thu, 20 Sep 2012 08:34:54 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Security ERRATA Moderate: qpid on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: qpid security, bug fix, and enhancement update Issue Date: 2012-09-19 CVE Numbers: CVE-2012-2145 Apache Qpid is a reliable, cross-platform, asynchronous messaging system that supports the Advanced Message Queuing Protocol (AMQP) in several common programming languages. It was discovered that the Qpid daemon (qpidd) did not allow the number of connections from clients to be restricted. A malicious client could use this flaw to open an excessive amount of connections, preventing other legitimate clients from establishing a connection to qpidd. (CVE-2012-2145) To address CVE-2012-2145, new qpidd configuration options were introduced: max-negotiate-time defines the time during which initial protocol negotiation must succeed, connection-limit-per-user and connection-limit-per-ip can be used to limit the number of connections per user and client host IP. Refer to the qpidd manual page for additional details. In addition, the qpid-cpp, qpid-qmf, qpid-tools, and python-qpid packages have been upgraded to upstream version 0.14, which provides a number of bug fixes and enhancements over the previous version. All users of qpid are advised to upgrade to these updated packages, which fix these issues and add these enhancements. For dependency resolution saslwrapper, saslwrapper-devel, python-saslwrapper, and ruby-saslwrapper have been added to this update SL6 x86_64 python-qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.x86_64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.x86_64.rpm ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm Dependencies: python-saslwrapper-0.14-1.el6.x86_64.rpm ruby-saslwrapper-0.14-1.el6.x86_64.rpm saslwrapper-0.14-1.el6.i686.rpm saslwrapper-0.14-1.el6.x86_64.rpm saslwrapper-devel-0.14-1.el6.i686.rpm saslwrapper-devel-0.14-1.el6.x86_64.rpm i386 python-qpid-qmf-0.14-14.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.i686.rpm ruby-qpid-qmf-0.14-14.el6_3.i686.rpm Dependencies: python-saslwrapper-0.14-1.el6.i686.rpm ruby-saslwrapper-0.14-1.el6.i686.rpm saslwrapper-0.14-1.el6.i686.rpm saslwrapper-devel-0.14-1.el6.i686.rpm noarch python-qpid-0.14-11.el6_3.noarch.rpm qpid-tools-0.14-6.el6_3.noarch.rpm - Scientific Linux Development Team . Recent improvements to qpid address connection restrictions and boost capabilities on Scientific Linux.. qpid Update, Client Connection Fix, Security Advisory, SL6 Enhancements, Moderate Vulnerabilities. . LinuxSecurity.com Team
Sep 20, 2012
Scientific Linux
98
security advisorymoderateRed HatRed Hat: RHSA-2012:1269-01 Moderate: qpid Connection Limit DoS
Updated qpid packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: qpid security, bug fix, and enhancement update Advisory ID: RHSA-2012:1269-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2012:1269.html Issue date: 2012-09-19 CVE Names: CVE-2012-2145 ==================================================================== 1. Summary: Updated qpid packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: Apache Qpid is a reliable, cross-platform, asynchronous messaging system that supports the Advanced Message Queuing Protocol (AMQP) in several common programming languages. It was discovered that the Qpid daemon (qpidd) did not allow the number of connections from clients to be restricted. A malicious client could use this flaw to open an excessive amount of connections, preventing other legitimate clients from establishing a connection to qpidd. (CVE-2012-2145) To address CVE-2012-2145, newqpidd configuration options were introduced: max-negotiate-time defines the time during which initial protocol negotiation must succeed, connection-limit-per-user and connection-limit-per-ip can be used to limit the number of connections per user and client host IP. Refer to the qpidd manual page for additional details. In addition, the qpid-cpp, qpid-qmf, qpid-tools, and python-qpid packages have been upgraded to upstream version 0.14, which provides support for Red Hat Enterprise MRG 2.2, as well as a number of bug fixes and enhancements over the previous version. (BZ#840053, BZ#840055, BZ#840056, BZ#840058) All users of qpid are advised to upgrade to these updated packages, which fix these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 817175 - CVE-2012-2145 qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS 840053 - Build qpid-cpp, qpid-qmf, qpid-tools and python-qpid to support MRG 2.2 on RHEL 6.3 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: i386: python-qpid-qmf-0.14-14.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm ruby-qpid-qmf-0.14-14.el6_3.i686.rpm noarch: python-qpid-0.14-11.el6_3.noarch.rpm qpid-tools-0.14-6.el6_3.noarch.rpm x86_64: python-qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.x86_64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: noarch: python-qpid-0.14-11.el6_3.noarch.rpm qpid-tools-0.14-6.el6_3.noarch.rpm x86_64: python-qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.x86_64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: python-qpid-qmf-0.14-14.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm ruby-qpid-qmf-0.14-14.el6_3.i686.rpm noarch: python-qpid-0.14-11.el6_3.noarch.rpm qpid-tools-0.14-6.el6_3.noarch.rpm ppc64: python-qpid-qmf-0.14-14.el6_3.ppc64.rpm qpid-cpp-client-0.14-22.el6_3.ppc.rpm qpid-cpp-client-0.14-22.el6_3.ppc64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.ppc.rpm qpid-cpp-client-ssl-0.14-22.el6_3.ppc64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.ppc.rpm qpid-cpp-debuginfo-0.14-22.el6_3.ppc64.rpm qpid-cpp-server-0.14-22.el6_3.ppc.rpm qpid-cpp-server-0.14-22.el6_3.ppc64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.ppc64.rpm qpid-qmf-0.14-14.el6_3.ppc.rpm qpid-qmf-0.14-14.el6_3.ppc64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.ppc.rpm qpid-qmf-debuginfo-0.14-14.el6_3.ppc64.rpm s390x: python-qpid-qmf-0.14-14.el6_3.s390x.rpm qpid-cpp-client-0.14-22.el6_3.s390.rpm qpid-cpp-client-0.14-22.el6_3.s390x.rpm qpid-cpp-client-ssl-0.14-22.el6_3.s390.rpm qpid-cpp-client-ssl-0.14-22.el6_3.s390x.rpm qpid-cpp-debuginfo-0.14-22.el6_3.s390.rpm qpid-cpp-debuginfo-0.14-22.el6_3.s390x.rpm qpid-cpp-server-0.14-22.el6_3.s390.rpm qpid-cpp-server-0.14-22.el6_3.s390x.rpm qpid-cpp-server-ssl-0.14-22.el6_3.s390x.rpm qpid-qmf-0.14-14.el6_3.s390.rpm qpid-qmf-0.14-14.el6_3.s390x.rpm qpid-qmf-debuginfo-0.14-14.el6_3.s390.rpm qpid-qmf-debuginfo-0.14-14.el6_3.s390x.rpm x86_64: python-qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.x86_64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: python-qpid-qmf-0.14-14.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm ruby-qpid-qmf-0.14-14.el6_3.i686.rpm noarch: python-qpid-0.14-11.el6_3.noarch.rpm qpid-tools-0.14-6.el6_3.noarch.rpm x86_64: python-qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-cpp-client-0.14-22.el6_3.i686.rpm qpid-cpp-client-0.14-22.el6_3.x86_64.rpm qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-0.14-22.el6_3.i686.rpm qpid-cpp-server-0.14-22.el6_3.x86_64.rpm qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm qpid-qmf-0.14-14.el6_3.i686.rpm qpid-qmf-0.14-14.el6_3.x86_64.rpm qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2012-2145 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQWgqHXlSAg2UNWIIRAn/sAJ48rNQs0s/YBsRQ/4+tXSaXzoJvlQCfZvZB o+f8xwCzqivGsoGmA6Msvqg=YrBU -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 19, 2012
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!