Important: Red Hat Enterprise MRG Messaging and Grid security update
| Advisory: | RHSA-2010:0921-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Important |
| Issued on: | 2010-11-30 |
| Last updated on: | 2010-11-30 |
| Affected Products: | Red Hat Enterprise MRG v1 for Red Hat Enterprise Linux (version 5) |
| CVEs (cve.mitre.org): | CVE-2010-4179 |
Details
Updated Red Hat Enterprise MRG Messaging and Grid packages that fix one
security issue and several bugs are now available for Red Hat Enterprise
Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT
infrastructure for enterprise computing. MRG Messaging implements the
Advanced Message Queuing Protocol (AMQP) standard, adding persistence
options, kernel optimizations, and operating system services.
The Management Console Installation Guide for Red Hat Enterprise MRG 1.3
instructed administrators to configure Condor to allow the MRG Management
Console (cumin) to submit jobs on behalf of a user. This configuration
facilitated a trust relationship between cumin and the Condor QMF plug-ins;
however, there was inadequate access control on the trusted channel,
allowing anyone able to publish to a broker to submit jobs to run as any
other user (except root, as Condor does not run jobs as root).
(CVE-2010-4179)
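A simplified model of the access-control gap described above, as an added example that is not Condor or cumin code. The handler functions, the message layout and the `TRUSTED_SUBMITTERS` set are hypothetical; the point is the difference between taking the job owner from the message body and binding it to the identity the broker authenticated.

```python
# Simplified model of a job-submission handler behind a message broker.
# Not Condor/cumin code: names and message layout are hypothetical.

TRUSTED_SUBMITTERS = {"cumin"}  # identities allowed to submit on behalf of others


class SubmitRejected(Exception):
    pass


def effective_owner_vulnerable(authenticated_user, job_ad):
    """Models the flaw: whoever can publish to the broker picks the owner."""
    owner = job_ad.get("Owner", authenticated_user)
    if owner == "root":  # jobs are never run as root
        raise SubmitRejected("jobs may not run as root")
    return owner


def effective_owner_hardened(authenticated_user, job_ad):
    """Honour a claimed owner only when the authenticated sender is trusted."""
    if not authenticated_user:
        raise SubmitRejected("unauthenticated publisher")
    claimed = job_ad.get("Owner", authenticated_user)
    if claimed == "root":
        raise SubmitRejected("jobs may not run as root")
    if claimed != authenticated_user and authenticated_user not in TRUSTED_SUBMITTERS:
        raise SubmitRejected(f"{authenticated_user!r} may not submit as {claimed!r}")
    return claimed


def audit(messages, decide):
    """Run (sender, job_ad) pairs through a policy and collect the outcomes."""
    results = []
    for sender, ad in messages:
        try:
            results.append((sender, decide(sender, ad)))
        except SubmitRejected as exc:
            results.append((sender, f"REJECTED: {exc}"))
    return results


# Constructed sample traffic: (identity authenticated by the broker, job ad).
SAMPLE = [
    ("cumin", {"Owner": "alice", "Cmd": "/bin/true"}),  # console acting for alice
    ("bob", {"Owner": "bob", "Cmd": "/bin/true"}),      # bob submitting as himself
    ("bob", {"Owner": "alice", "Cmd": "/bin/true"}),    # owner differs from sender
]
```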
These updated packages also include multiple bug fixes. Users are directed
to the Red Hat Enterprise MRG 1.3 Technical Notes for information on these
changes:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/RHSA-2010-0921.html
All Red Hat Enterprise MRG users are advised to upgrade to these updated
packages, which correct this issue and the issues noted in the Red Hat
Enterprise MRG 1.3 Technical Notes. After installing the updated packages,
Condor must be restarted for the update to take effect.
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
| Red Hat Enterprise MRG v1 for Red Hat Enterprise Linux (version 5) | |
|---|---|
| SRPMS: | |
| condor-7.4.4-0.17.el5.src.rpm | File outdated by: RHBA-2011:0217 |
| cumin-0.1.4410-2.el5.src.rpm | File outdated by: RHBA-2011:0217 |
| python-qmf-0.7.946106-14.el5.src.rpm | |
| qpid-cpp-mrg-0.7.946106-22.el5.src.rpm | File outdated by: RHBA-2011:1147 |
| qpid-java-0.7.946106-12.el5.src.rpm | File outdated by: RHBA-2011:1147 |
| sesame-0.7.4297-4.el5.src.rpm | File outdated by: RHBA-2011:0217 |
| IA-32: | |
| condor-7.4.4-0.17.el5.i386.rpm | File outdated by: RHBA-2011:0217 |
| condor-kbdd-7.4.4-0.17.el5.i386.rpm | File outdated by: RHBA-2011:0217 |
| condor-qmf-7.4.4-0.17.el5.i386.rpm | File outdated by: RHBA-2011:0217 |
| condor-vm-gahp-7.4.4-0.17.el5.i386.rpm | File outdated by: RHBA-2011:0217 |
| cumin-0.1.4410-2.el5.noarch.rpm | File outdated by: RHBA-2011:0217 |
| python-qmf-0.7.946106-14.el5.noarch.rpm | |
| qmf-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qmf-devel-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-devel-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-devel-docs-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-rdma-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-ssl-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-cluster-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-devel-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-rdma-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-ssl-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-store-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-xml-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| qpid-java-client-0.7.946106-12.el5.noarch.rpm | File outdated by: RHBA-2011:1147 |
| qpid-java-common-0.7.946106-12.el5.noarch.rpm | File outdated by: RHBA-2011:1147 |
| qpid-java-example-0.7.946106-12.el5.noarch.rpm | File outdated by: RHBA-2011:1147 |
| rh-qpid-cpp-tests-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:0217 |
| ruby-qmf-0.7.946106-22.el5.i386.rpm | File outdated by: RHBA-2011:1147 |
| sesame-0.7.4297-4.el5.i386.rpm | File outdated by: RHBA-2011:0217 |
| x86_64: | |
| condor-7.4.4-0.17.el5.x86_64.rpm | File outdated by: RHBA-2011:0217 |
| condor-kbdd-7.4.4-0.17.el5.x86_64.rpm | File outdated by: RHBA-2011:0217 |
| condor-qmf-7.4.4-0.17.el5.x86_64.rpm | File outdated by: RHBA-2011:0217 |
| condor-vm-gahp-7.4.4-0.17.el5.x86_64.rpm | File outdated by: RHBA-2011:0217 |
| cumin-0.1.4410-2.el5.noarch.rpm | File outdated by: RHBA-2011:0217 |
| python-qmf-0.7.946106-14.el5.noarch.rpm | |
| qmf-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qmf-devel-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-devel-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-devel-docs-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-rdma-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-client-ssl-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-cluster-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-devel-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-rdma-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-ssl-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-store-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-cpp-server-xml-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| qpid-java-client-0.7.946106-12.el5.noarch.rpm | File outdated by: RHBA-2011:1147 |
| qpid-java-common-0.7.946106-12.el5.noarch.rpm | File outdated by: RHBA-2011:1147 |
| qpid-java-example-0.7.946106-12.el5.noarch.rpm | File outdated by: RHBA-2011:1147 |
| rh-qpid-cpp-tests-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:0217 |
| ruby-qmf-0.7.946106-22.el5.x86_64.rpm | File outdated by: RHBA-2011:1147 |
| sesame-0.7.4297-4.el5.x86_64.rpm | File outdated by: RHBA-2011:0217 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
620687 - hello_world example does not allow connection options to be set
621468 - rejected messages are not dequeued
631567 - The C++ address parser throws an exception and leaks memory if it parses an empty list
636850 - QMF: console.py fails to pass v2-style events up to console
643384 - Cumin: NameError: global name 'UpdateException' is not defined
647860 - Incorrect detection of data types in address parameters - C++ client
647861 - Incorrect handling of datatypes for numeric queue constraints
649822 - Need mechanism to limit access to QMF Agent methods
649915 - protect cumin password wherever it lives
652463 - Acknowledged messages are not confirmed
654856 - CVE-2010-4179 schedd plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops
References
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/RHSA-2010-0921.html
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/