- Issued:
- 2014-12-03
- Updated:
- 2014-12-03
RHBA-2014:1950 - Bug Fix Advisory
Synopsis
Red Hat Enterprise MRG 2.5 Messaging and Grid update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated packages that disable SSLv2/3 usage are now available
for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5.
Description
Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.
These updated packages address a vulnerability in the SSLv3 protocols,
which is commonly referred to as POODLE. POODLE stands for Padding Oracle
On
Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle
attacker to decrypt ciphertext using a padding oracle side-channel attack.
POODLE affects older standards of encryption, specifically Secure Socket
Layer
(SSL) version 3. It does not affect the newer encryption mechanism known
as Transport Layer Security (TLS). As such, these updated packages
implement the
recommended action to disable SSLv3 in the C++ broker (qpid-cpp),
Windows C++ client (qpid-qmf), Java client (qpid-java), and cumin (cumin).
All users of Red Hat Enterprise MRG 2.5 for Red Hat Enterprise
Linux 5 are advised to upgrade to these updated packages, which correct
these issues.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
Affected Products
- MRG Grid from RHUI 2 for RHEL 5 x86_64
- Red Hat Enterprise MRG Messaging 2 for RHEL 5 x86_64
- Red Hat Enterprise MRG Messaging 2 for RHEL 5 i386
- MRG Grid 2 for RHEL 5 x86_64
- MRG Grid 2 for RHEL 5 i386
Fixes
- BZ - 1164011 - MRG 2.5.9/RHEL-5 errata placeholder
CVEs
(none)
References
(none)
MRG Grid from RHUI 2 for RHEL 5
SRPM | |
---|---|
x86_64 |
Red Hat Enterprise MRG Messaging 2 for RHEL 5
SRPM | |
---|---|
qpid-cpp-mrg-0.18-36.el5_10.src.rpm | SHA-256: 8a04ebe212a45ae02f2d9389a7f64e94b7c5de0ece5c553aa0b250f48c361837 |
qpid-java-0.18-9.el5_9.src.rpm | SHA-256: b95ad66e95fcd9feabf91582c3dae9c8681b54df1d372603b0219be74cae02b8 |
qpid-qmf-0.18-29.el5_10.src.rpm | SHA-256: f9da21765eb3820bdeb4fb8903ef579127ee8133525ab88ff5c8847c7145e4d8 |
x86_64 | |
python-qpid-qmf-0.18-29.el5_10.x86_64.rpm | SHA-256: c3497a9ea04ba7427e1aeafa8aa7236371904565b1ecb80a23188ce3d835309e |
qpid-cpp-client-0.18-36.el5_10.x86_64.rpm | SHA-256: 24f2e9583207eb09bd5c025727eff9efcd0a2fbe340ee91713c775640b69be94 |
qpid-cpp-client-devel-0.18-36.el5_10.x86_64.rpm | SHA-256: e81afb8aa23d507469e02fcf51aad109a384d430ded50e83bc038458d416a662 |
qpid-cpp-client-devel-docs-0.18-36.el5_10.x86_64.rpm | SHA-256: 19692adea1c5a6b7bb34a6f132bf419a383bcea912797d68b6c20a8488db63b7 |
qpid-cpp-client-rdma-0.18-36.el5_10.x86_64.rpm | SHA-256: 9626e0312881d79122cc62257f50dc0738c452be10f54b5693454a54c087b5e4 |
qpid-cpp-client-ssl-0.18-36.el5_10.x86_64.rpm | SHA-256: ea927ced8814c0322f0066c9a3194d81db1e39827efef13a4f3024ecc0d31bd5 |
qpid-cpp-server-0.18-36.el5_10.x86_64.rpm | SHA-256: d7399e9a2017b7f7d114695cb19ae4c873f3eb4cba154a36eb68324efdc6d9bf |
qpid-cpp-server-cluster-0.18-36.el5_10.x86_64.rpm | SHA-256: 6c75a58983aae0b712f5037347fb9b7f1371c39f8c20c55be57186d3a0878c7f |
qpid-cpp-server-devel-0.18-36.el5_10.x86_64.rpm | SHA-256: ce8a27098ac8dcb4c22760bf8883d70e4741a3d25d3c855e62e267f9b2a4ffb8 |
qpid-cpp-server-rdma-0.18-36.el5_10.x86_64.rpm | SHA-256: ed717fb12102af99109bb68c2e07902eabcd0dfb1799581f06e13d565f373f56 |
qpid-cpp-server-ssl-0.18-36.el5_10.x86_64.rpm | SHA-256: 19919e23047332e9a9a30e1cbed44794069d8a8b6796321b8b8530205c908177 |
qpid-cpp-server-store-0.18-36.el5_10.x86_64.rpm | SHA-256: 711d8638a397173d021c8a35dbeec178107e10d2c1027bfbacabc3c90a3d6109 |
qpid-cpp-server-xml-0.18-36.el5_10.x86_64.rpm | SHA-256: 537cf9bdaf9349d1511690a3315c173dd73ac2ef8ff11a424b00dc8be606828a |
qpid-java-client-0.18-9.el5_9.noarch.rpm | SHA-256: 4f7545368f9099b6e09971d0fa5c432170a55d34895f8271bf7be8464907e26d |
qpid-java-common-0.18-9.el5_9.noarch.rpm | SHA-256: b3b21e65ff8600aeae4967c005251720224c6937f8e6710e0f575fa305452930 |
qpid-java-example-0.18-9.el5_9.noarch.rpm | SHA-256: 22e75b90c38b1c2b525078f0816e036e8f330d32f6148f97fe8dbc19f1e2d541 |
qpid-qmf-0.18-29.el5_10.x86_64.rpm | SHA-256: 6ea9dadb6432b8c0c57be9f3f8fbaec79e27652f562f1dc90443380c950bfe5c |
qpid-qmf-devel-0.18-29.el5_10.x86_64.rpm | SHA-256: 6b7c9c2424cb5fcf6a568e7b779bafdf46b4e9595fd14c0bc8676fe48cbb0b31 |
ruby-qpid-qmf-0.18-29.el5_10.x86_64.rpm | SHA-256: 4552be932640827c172222828a56477088572224249270cc38f3c29fb703eb28 |
i386 | |
python-qpid-qmf-0.18-29.el5_10.i386.rpm | SHA-256: f3b1605eafeb58d4ed9eec1d4d6cedcec7c52d27eb765135cbf9847b4762c852 |
qpid-cpp-client-0.18-36.el5_10.i386.rpm | SHA-256: cdfa0180ebd7a8db7b6d0a11e217c10eb37b4300bbfcec2306c8a62ccf021453 |
qpid-cpp-client-devel-0.18-36.el5_10.i386.rpm | SHA-256: 6a975b557a4f872bc3301633cd4fc040ba52de9b7c36e2f033cbc6257d599bb0 |
qpid-cpp-client-devel-docs-0.18-36.el5_10.i386.rpm | SHA-256: 1ad26786bd4223a4a2a4aaab02231e7bb34fbb71b0daf9dadc48e729280d2e68 |
qpid-cpp-client-rdma-0.18-36.el5_10.i386.rpm | SHA-256: 770f097f8ff145bb5398d38e61bbe6a40da56744e235746bb5547055c4d17c14 |
qpid-cpp-client-ssl-0.18-36.el5_10.i386.rpm | SHA-256: 9f3fafeb6ee40324f37ece4d57ef1ba89edf08d9ced49f66d093f82da23c942c |
qpid-cpp-server-0.18-36.el5_10.i386.rpm | SHA-256: 1283e7917a8fc5d0c49de172a3455c2042d56bdb3a130e0a689a64e5219223bb |
qpid-cpp-server-cluster-0.18-36.el5_10.i386.rpm | SHA-256: 0e84d211e0d97674a1bbe475449f8e85c63a1d0930918120ccf534f9904466f5 |
qpid-cpp-server-devel-0.18-36.el5_10.i386.rpm | SHA-256: 0a53e38e278658f8b3011c2fdcce1a0cba6eb5e287aded9290ac15b0dbb38ed6 |
qpid-cpp-server-rdma-0.18-36.el5_10.i386.rpm | SHA-256: a32033a6a7c1174a38c54c726988688a3cc6d227efcecb15eee791051a65cc38 |
qpid-cpp-server-ssl-0.18-36.el5_10.i386.rpm | SHA-256: 66beb029541b61e81ad70bab7f319ae7c8b496187b3e33ab41657c167de9d241 |
qpid-cpp-server-store-0.18-36.el5_10.i386.rpm | SHA-256: 11f0779e30fabe718a6d8fbe6cd41208682c8a3f29d246f3a94b53ffb1bf2017 |
qpid-cpp-server-xml-0.18-36.el5_10.i386.rpm | SHA-256: 61f6a4649ad3be8773ffb35adb4924a443ce899206474f464f898906a6548208 |
qpid-java-client-0.18-9.el5_9.noarch.rpm | SHA-256: 4f7545368f9099b6e09971d0fa5c432170a55d34895f8271bf7be8464907e26d |
qpid-java-common-0.18-9.el5_9.noarch.rpm | SHA-256: b3b21e65ff8600aeae4967c005251720224c6937f8e6710e0f575fa305452930 |
qpid-java-example-0.18-9.el5_9.noarch.rpm | SHA-256: 22e75b90c38b1c2b525078f0816e036e8f330d32f6148f97fe8dbc19f1e2d541 |
qpid-qmf-0.18-29.el5_10.i386.rpm | SHA-256: c8da20616f5b413d1648bc881662e5bfb06b52fcffd731e31668387027147612 |
qpid-qmf-devel-0.18-29.el5_10.i386.rpm | SHA-256: e7c0a2179b8e6b6dc6ae2bfc17dd3c8b2a61705244464a319f138132bd56c42f |
ruby-qpid-qmf-0.18-29.el5_10.i386.rpm | SHA-256: 2b3612e955cc4b1d4cf719d1738c5b58e1d7d82feafd9d3393a32bc7574559d0 |
MRG Grid 2 for RHEL 5
SRPM | |
---|---|
cumin-0.1.5796-6.el5_9.src.rpm | SHA-256: b211ec23052c4f8d6d4ca3cc440e9a79e4ffaa6ccafce16a70990c46eaab8538 |
x86_64 | |
cumin-0.1.5796-6.el5_9.noarch.rpm | SHA-256: 90578166e2c4ae1b7df0ae741f0cde491ba4e95aa2f168dbd40debcdba5af68d |
i386 | |
cumin-0.1.5796-6.el5_9.noarch.rpm | SHA-256: 90578166e2c4ae1b7df0ae741f0cde491ba4e95aa2f168dbd40debcdba5af68d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.