- Issued:
- 2014-12-03
- Updated:
- 2014-12-03
RHBA-2014:1952 - Bug Fix Advisory
Synopsis
Red Hat Enterprise MRG Messaging 3.0 Release
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Red Hat Enterprise MRG Messaging 3 packages that include a number of bug fixes are now available Red Hat Enterprise Linux 6.
Description
Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating
Messaging, Realtime, and Grid functionality. It offers increased performance,
reliability, interoperability, and faster computing for enterprise customers.
MRG Messaging is a high-speed reliable messaging distribution for Linux based on
AMQP (Advanced Message Queuing Protocol), an open protocol standard for
enterprise messaging that is designed to make mission critical messaging widely
available as a standard service, and to make enterprise messaging interoperable
across platforms, programming languages, and vendors.
MRG Messaging includes AMQP messaging broker; AMQP client libraries for C++,
Java JMS, and Python; as well as persistence libraries and management tools.
These updated packages for Red Hat Enterprise Linux 6 include a number of bug
fixes for the Messaging component of MRG.
It was discovered that when two journals concurrently requested a new journal
file from an empty EFP, the Broker could segfault. A fix to popEmptyFile now
performs an _atomic_ test-and-create-and-grab for the EFP file, which prevents
the segfault from occurring. (BZ#1150397)
A vulnerability was discovered in the SSLv2 and SSLv3 protocols,
which is commonly referred to as POODLE. POODLE stands for Padding Oracle On
Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle
attacker to decrypt ciphertext using a padding oracle side-channel attack.
POODLE affects older standards of encryption, specifically Secure Socket Layer
(SSL) version 2 and 3. It does not affect the newer encryption mechanism known
as Transport Layer Security (TLS). As such, these updated packages implement the
recommended action to disable SSLv2 and SSLv3 in the C++ broker (qpid-cpp),
Windows C++ client (qpid-qmf), and Java client (qpid-java).
(BZ#1153757, BZ#1153774, BZ#1153776)
Users of the Messaging capabilities of Red Hat Enterprise MRG 3.0, which is
layered on Red Hat Enterprise Linux 6, are advised to upgrade to these updated
packages, which provide numerous bug fixes and enhancements.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat Enterprise MRG Messaging 3 x86_64
- Red Hat Enterprise MRG Messaging 3 i386
Fixes
- BZ - RHBA-2014:1952 - [linearstore] segfault when 2 journals request new journal file from empty EFP
CVEs
(none)
Red Hat Enterprise MRG Messaging 3
SRPM | |
---|---|
qpid-cpp-0.22-50.el6.src.rpm | SHA-256: d0c7a4e3849ed5b1efab283b04079a80563b51f7d0aa8d3109a207acf39f30b2 |
qpid-java-0.22-8.el6.src.rpm | SHA-256: a8d527de7482a6f100fd7f799b03532ad6a4b7950fc72f616f3f3e85ed856497 |
qpid-qmf-0.22-40.el6.src.rpm | SHA-256: 2752434969c5d12c6f39ccba5e5a0b3a5225020145fd0d932fee247b23251e73 |
x86_64 | |
python-qpid-qmf-0.22-40.el6.x86_64.rpm | SHA-256: 3e096533de64eb1695982a365711136d0366ca78f25ab1b9fbe880b252bdb528 |
qpid-cpp-client-0.22-50.el6.i686.rpm | SHA-256: ff1a6b2de360f8e618765e6d1b301df09d553ecc5120951514f24f2bad170c3d |
qpid-cpp-client-0.22-50.el6.x86_64.rpm | SHA-256: 7ee4f3c5e437cff65437dc9eb47cc57b7f2402e94ad8a3caed2b995c48c5659b |
qpid-cpp-client-devel-0.22-50.el6.x86_64.rpm | SHA-256: 726bac1ca13e0f5a4311a53e7e21d6c1105045844cd5471e4923b5f83000265d |
qpid-cpp-client-devel-docs-0.22-50.el6.noarch.rpm | SHA-256: 0903811379c3699eb0f2f07e9a63cdc774c4f2b7da652528eef5f1cc5fad28ed |
qpid-cpp-client-rdma-0.22-50.el6.x86_64.rpm | SHA-256: 26131fc184b9603e3662aba71b70c0576d2dd2ad55b8a5e3298287ce09ccd3c7 |
qpid-cpp-debuginfo-0.22-50.el6.i686.rpm | SHA-256: 43851faeb999d8f93d077bedb67cc3166aa2f3394fa3ae29f7ff7b648d51908c |
qpid-cpp-debuginfo-0.22-50.el6.x86_64.rpm | SHA-256: cd9975a437206aff041c8de4561b3e5b83a8685353d06c78c761cae58455735b |
qpid-cpp-server-0.22-50.el6.i686.rpm | SHA-256: 6247c15a2325001f65528819853df1ed4fe281c15a65665d639b8309b3518c32 |
qpid-cpp-server-0.22-50.el6.x86_64.rpm | SHA-256: 3b753613f78ef756429de0c83c0bfdbacad613b4e2c32ec5f35a29584a06b2a8 |
qpid-cpp-server-devel-0.22-50.el6.x86_64.rpm | SHA-256: d3eb58e262202d2d0a2874e6cff86fb9d9289f7f42dd11bb832c28a554965f92 |
qpid-cpp-server-ha-0.22-50.el6.x86_64.rpm | SHA-256: f0b6d029689d5a84bce752a3887c7abe5315607d7ee747b0a81c011df78bdb5d |
qpid-cpp-server-linearstore-0.22-50.el6.x86_64.rpm | SHA-256: 7041972acb9a341aba2f543d8b8334dfff660669ab0568d3833de0265250a170 |
qpid-cpp-server-rdma-0.22-50.el6.x86_64.rpm | SHA-256: 068d951da17059339cda1ec48b92a335cc8438ffc292d9210c0fe232f128f2a4 |
qpid-cpp-server-xml-0.22-50.el6.x86_64.rpm | SHA-256: 3f5509ad8c8a130c50e1a8ab5dbdb65893acaa4c428f39a66caac65af508f627 |
qpid-java-client-0.22-8.el6.noarch.rpm | SHA-256: 16f8fe96baf3f2e4e18ef336184879d56ae5e729543f0402219d969b1a125050 |
qpid-java-common-0.22-8.el6.noarch.rpm | SHA-256: 763727d5802988566cd54c0cb74e3f9fdad503443b1c030bb804774746e5e6d0 |
qpid-java-example-0.22-8.el6.noarch.rpm | SHA-256: 3312393bd5b0a0a839e35bbabbbdddb81b1cc1983d23eea239417caf404317ac |
qpid-qmf-0.22-40.el6.i686.rpm | SHA-256: e2620871ae0ddd9ab867b44c6644ea8967a690ebf6d7c60973b940b57b6c77e6 |
qpid-qmf-0.22-40.el6.x86_64.rpm | SHA-256: d48ad21cbf62fd1c50f74e5ffdb5863ee37037a49af97d8ad7d43f0378047c35 |
qpid-qmf-debuginfo-0.22-40.el6.i686.rpm | SHA-256: 27936bef167a9e9d84d982ee5dff449e5957ac1940c73abd1141f46516799e16 |
qpid-qmf-debuginfo-0.22-40.el6.x86_64.rpm | SHA-256: 71ddeadd5dea63cf0ccb3325cec3c71690e9296cefd6ceace78f1cd27f4a43d7 |
qpid-qmf-devel-0.22-40.el6.x86_64.rpm | SHA-256: 0d182c6976370502e3b7641ae5d7653b493b51e377748a07aa554b05fa725100 |
ruby-qpid-qmf-0.22-40.el6.x86_64.rpm | SHA-256: 75b50f2e83a751bfd1565032165da74bb5e25104e7d4d80028df1c243d383951 |
i386 | |
python-qpid-qmf-0.22-40.el6.i686.rpm | SHA-256: 023f7fedeb30bdc5b8152272c98f5de8f8d819e226c5463c2d33e08cb3430786 |
qpid-cpp-client-0.22-50.el6.i686.rpm | SHA-256: ff1a6b2de360f8e618765e6d1b301df09d553ecc5120951514f24f2bad170c3d |
qpid-cpp-client-devel-0.22-50.el6.i686.rpm | SHA-256: fd5b4f6543d8c0f6a8cd7383c33fc2879cb6b9d3513f99cb029d5d97bee7c8fb |
qpid-cpp-client-devel-docs-0.22-50.el6.noarch.rpm | SHA-256: 0903811379c3699eb0f2f07e9a63cdc774c4f2b7da652528eef5f1cc5fad28ed |
qpid-cpp-client-rdma-0.22-50.el6.i686.rpm | SHA-256: 3a57b86f7fffbea930f0d6abc563e58628fb548f536037cf03361a58c2eea7ab |
qpid-cpp-debuginfo-0.22-50.el6.i686.rpm | SHA-256: 43851faeb999d8f93d077bedb67cc3166aa2f3394fa3ae29f7ff7b648d51908c |
qpid-cpp-server-0.22-50.el6.i686.rpm | SHA-256: 6247c15a2325001f65528819853df1ed4fe281c15a65665d639b8309b3518c32 |
qpid-cpp-server-devel-0.22-50.el6.i686.rpm | SHA-256: e0d7a302e4e91bd23fedebced37fc353e32b344c1f9f3da4e8f19cf4c7c5ea64 |
qpid-cpp-server-ha-0.22-50.el6.i686.rpm | SHA-256: ce6dafe041e823b25a39ac21c64f4eb213f0a9606f9a334699e35f94664583dd |
qpid-cpp-server-linearstore-0.22-50.el6.i686.rpm | SHA-256: bb9ec17ccf50ff2b36be36b4e8d7503bc6e8b9876e99fa5952f36d2eec984c0d |
qpid-cpp-server-rdma-0.22-50.el6.i686.rpm | SHA-256: 8b6de49925a46964fa60eb14b7478ef74f7c270efcffec8027c92b97fc952642 |
qpid-cpp-server-xml-0.22-50.el6.i686.rpm | SHA-256: 0c431abd180cc646308e5f2c7e2c9a76a525d20628d5e7c16db842ebb33a04df |
qpid-java-client-0.22-8.el6.noarch.rpm | SHA-256: 16f8fe96baf3f2e4e18ef336184879d56ae5e729543f0402219d969b1a125050 |
qpid-java-common-0.22-8.el6.noarch.rpm | SHA-256: 763727d5802988566cd54c0cb74e3f9fdad503443b1c030bb804774746e5e6d0 |
qpid-java-example-0.22-8.el6.noarch.rpm | SHA-256: 3312393bd5b0a0a839e35bbabbbdddb81b1cc1983d23eea239417caf404317ac |
qpid-qmf-0.22-40.el6.i686.rpm | SHA-256: e2620871ae0ddd9ab867b44c6644ea8967a690ebf6d7c60973b940b57b6c77e6 |
qpid-qmf-debuginfo-0.22-40.el6.i686.rpm | SHA-256: 27936bef167a9e9d84d982ee5dff449e5957ac1940c73abd1141f46516799e16 |
qpid-qmf-devel-0.22-40.el6.i686.rpm | SHA-256: 6358263b8569ccd91a9405016e3a40bb72514888d76249b89b8178683779ae44 |
ruby-qpid-qmf-0.22-40.el6.i686.rpm | SHA-256: 3dde3864235fed9f0701c2da89d3c596eca82e0330cae85e665ff38f4f288eac |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.