Security Advisory Important: Red Hat Enterprise MRG Messaging and Grid security update

Advisory: RHSA-2010:0921-1
Type: Security Advisory
Severity: Important
Issued on: 2010-11-30
Last updated on: 2010-11-30
Affected Products: Red Hat Enterprise MRG v1 for Red Hat Enterprise Linux (version 5)
CVEs (cve.mitre.org): CVE-2010-4179

Details

Updated Red Hat Enterprise MRG Messaging and Grid packages that fix one
security issue and several bugs are now available for Red Hat Enterprise
Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT
infrastructure for enterprise computing. MRG Messaging implements the
Advanced Message Queuing Protocol (AMQP) standard, adding persistence
options, kernel optimizations, and operating system services.

The Management Console Installation Guide for Red Hat Enterprise MRG 1.3
instructed administrators to configure Condor to allow the MRG Management
Console (cumin) to submit jobs on behalf of a user. This configuration
facilitated a trust relationship between cumin and the Condor QMF plug-ins;
however, there was inadequate access control on the trusted channel,
allowing anyone able to publish to a broker to submit jobs to run as any
other user (except root, as Condor does not run jobs as root).
(CVE-2010-4179)
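The access-control gap described above, as a simplified model added here; it is not Condor, cumin or QMF code. The class and function names, the `sender` field (assumed to be an identity the broker authenticated for the publisher) and the allow-list are hypothetical.

```python
from dataclasses import dataclass

# Assumption: the console is the only identity allowed to act for other users.
TRUSTED_SUBMITTERS = frozenset({"cumin"})

class Rejected(Exception):
    """Raised when a submit request fails the access check."""

@dataclass(frozen=True)
class SubmitRequest:
    sender: str  # identity the broker authenticated for the publisher (assumed)
    owner: str   # user the job should run as, taken from the message body

def submit_before(req):
    """Pre-update model: every publisher is treated like the console."""
    if req.owner == "root":
        raise Rejected("Condor does not run jobs as root")
    return req.owner

def submit_after(req, trusted=TRUSTED_SUBMITTERS):
    """Hardened model: only an allow-listed sender may name another owner."""
    if not req.sender:
        raise Rejected("publisher identity missing")
    if req.owner == "root":
        raise Rejected("Condor does not run jobs as root")
    if req.owner != req.sender and req.sender not in trusted:
        raise Rejected(f"{req.sender} may not submit as {req.owner}")
    return req.owner

def outcomes(requests, handler):
    """Map each request to the user it would run as, or None if rejected."""
    result = {}
    for req in requests:
        try:
            result[(req.sender, req.owner)] = handler(req)
        except Rejected:
            result[(req.sender, req.owner)] = None
    return result

# Constructed sample requests (user names are placeholders).
SAMPLE = [
    SubmitRequest("cumin", "alice"),    # console acting for a user
    SubmitRequest("alice", "alice"),    # user submitting as themselves
    SubmitRequest("mallory", "alice"),  # publisher naming someone else
    SubmitRequest("cumin", "root"),     # never allowed
    SubmitRequest("", "alice"),         # no authenticated identity
]

if __name__ == "__main__":
    for name, fn in (("before", submit_before), ("after", submit_after)):
        print(name, outcomes(SAMPLE, fn))
```
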

These updated packages also include multiple bug fixes. Users are directed
to the Red Hat Enterprise MRG 1.3 Technical Notes for information on these
changes:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/RHSA-2010-0921.html

All Red Hat Enterprise MRG users are advised to upgrade to these updated
packages, which correct this issue and the issues noted in the Red Hat
Enterprise MRG 1.3 Technical Notes. After installing the updated packages,
Condor must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise MRG v1 for Red Hat Enterprise Linux (version 5)

SRPMS:
condor-7.4.4-0.17.el5.src.rpm
File outdated by:  RHBA-2011:0217
cumin-0.1.4410-2.el5.src.rpm
File outdated by:  RHBA-2011:0217
python-qmf-0.7.946106-14.el5.src.rpm
qpid-cpp-mrg-0.7.946106-22.el5.src.rpm
File outdated by:  RHBA-2011:1147
qpid-java-0.7.946106-12.el5.src.rpm
File outdated by:  RHBA-2011:1147
sesame-0.7.4297-4.el5.src.rpm
File outdated by:  RHBA-2011:0217
 
IA-32:
condor-7.4.4-0.17.el5.i386.rpm
File outdated by:  RHBA-2011:0217
condor-kbdd-7.4.4-0.17.el5.i386.rpm
File outdated by:  RHBA-2011:0217
condor-qmf-7.4.4-0.17.el5.i386.rpm
File outdated by:  RHBA-2011:0217
condor-vm-gahp-7.4.4-0.17.el5.i386.rpm
File outdated by:  RHBA-2011:0217
cumin-0.1.4410-2.el5.noarch.rpm
File outdated by:  RHBA-2011:0217
python-qmf-0.7.946106-14.el5.noarch.rpm
qmf-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qmf-devel-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-devel-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-devel-docs-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-rdma-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-ssl-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-cluster-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-devel-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-rdma-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-ssl-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-store-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-xml-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
qpid-java-client-0.7.946106-12.el5.noarch.rpm
File outdated by:  RHBA-2011:1147
qpid-java-common-0.7.946106-12.el5.noarch.rpm
File outdated by:  RHBA-2011:1147
qpid-java-example-0.7.946106-12.el5.noarch.rpm
File outdated by:  RHBA-2011:1147
rh-qpid-cpp-tests-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:0217
ruby-qmf-0.7.946106-22.el5.i386.rpm
File outdated by:  RHBA-2011:1147
sesame-0.7.4297-4.el5.i386.rpm
File outdated by:  RHBA-2011:0217
 
x86_64:
condor-7.4.4-0.17.el5.x86_64.rpm
File outdated by:  RHBA-2011:0217
condor-kbdd-7.4.4-0.17.el5.x86_64.rpm
File outdated by:  RHBA-2011:0217
condor-qmf-7.4.4-0.17.el5.x86_64.rpm
File outdated by:  RHBA-2011:0217
condor-vm-gahp-7.4.4-0.17.el5.x86_64.rpm
File outdated by:  RHBA-2011:0217
cumin-0.1.4410-2.el5.noarch.rpm
File outdated by:  RHBA-2011:0217
python-qmf-0.7.946106-14.el5.noarch.rpm
qmf-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qmf-devel-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-devel-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-devel-docs-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-rdma-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-client-ssl-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-cluster-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-devel-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-rdma-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-ssl-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-store-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-cpp-server-xml-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
qpid-java-client-0.7.946106-12.el5.noarch.rpm
File outdated by:  RHBA-2011:1147
qpid-java-common-0.7.946106-12.el5.noarch.rpm
File outdated by:  RHBA-2011:1147
qpid-java-example-0.7.946106-12.el5.noarch.rpm
File outdated by:  RHBA-2011:1147
rh-qpid-cpp-tests-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:0217
ruby-qmf-0.7.946106-22.el5.x86_64.rpm
File outdated by:  RHBA-2011:1147
sesame-0.7.4297-4.el5.x86_64.rpm
File outdated by:  RHBA-2011:0217
 
(The unlinked packages above are only available from the Red Hat Network)
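A check for hosts still running builds older than the ones this advisory ships, added here as an example and not taken from Red Hat tooling. The fixed version-release strings come from the package list above; the comparison is a simplified RPM-style segment compare (epochs ignored), and the installed-package sample is constructed.

```python
import re

# Fixed builds from this advisory: binary package name -> version-release.
FIXED = {
    "condor": "7.4.4-0.17.el5",
    "condor-qmf": "7.4.4-0.17.el5",
    "cumin": "0.1.4410-2.el5",
    "python-qmf": "0.7.946106-14.el5",
    "qpid-cpp-server": "0.7.946106-22.el5",
    "sesame": "0.7.4297-4.el5",
}

def rpmvercmp(a, b):
    """Compare digit/letter segments; numbers as integers, number > letters."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings, version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(rpm_qa_output, fixed=FIXED):
    """Return {package: installed build} for packages older than the fix."""
    stale = {}
    for line in rpm_qa_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in fixed:
            name, evr = parts
            if evr_cmp(evr, fixed[name]) < 0:
                stale[name] = evr
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
condor 7.4.4-0.9.el5
condor-qmf 7.4.4-0.17.el5
cumin 0.1.4410-2.el5
qpid-cpp-server 0.7.946106-8.el5
bash 3.2-24.el5
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Release `0.9` sorts before `0.17` and `8` before `22` only when segments are compared as integers; a plain string comparison would report both sample hosts as up to date.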

Bugs fixed (see bugzilla for more information)

620687 - hello_world example does not allow connection options to be set
621468 - rejected messages are not dequeued
631567 - The C++ address parser throws an exception and leaks memory if it parses an empty list
636850 - QMF: console.py fails to pass v2-style events up to console
643384 - Cumin: NameError: global name 'UpdateException' is not defined
647860 - Incorrect detection of data types in address parameters - C++ client
647861 - Incorrect handling of datatypes for numeric queue constraints
649822 - Need mechanism to limit access to QMF Agent methods
649915 - protect cumin password wherever it lives
652463 - Acknowledged messages are not confirmed
654856 - CVE-2010-4179 schedd plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/