
Security Advisory Moderate: Red Hat Enterprise MRG Messaging 2.2 update

Advisory: RHSA-2012:1279-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-09-19
Last updated on: 2012-09-19
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs (cve.mitre.org): CVE-2012-3467

Details

Updated Messaging component packages that fix one security issue, multiple
bugs, and add various enhancements are now available for Red Hat Enterprise
MRG 2.2 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux
based on AMQP (Advanced Message Queuing Protocol), an open protocol
standard for enterprise messaging that is designed to make mission critical
messaging widely available as a standard service, and to make enterprise
messaging interoperable across platforms, programming languages, and
vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10
client libraries for C++, Java JMS, and Python; as well as persistence
libraries and management tools.

It was discovered that the Apache Qpid daemon (qpidd) did not require
authentication for "catch-up" shadow connections created when a new broker
joins a cluster. A malicious client could use this flaw to bypass client
authentication. (CVE-2012-3467)

This update also fixes multiple bugs and adds enhancements. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.2 are
advised to upgrade to these updated packages, which resolve the issues and
add the enhancements noted in the Red Hat Enterprise MRG 2 Technical Notes.
After installing the updated packages, stop the cluster by either running
"service qpidd stop" on all nodes, or "qpid-cluster --all-stop" on any one
of the cluster nodes. Once stopped, restart the cluster with "service qpidd
start" on all nodes for the update to take effect.
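
As an added example (not part of the Red Hat advisory): a Python check that, before the full-cluster stop and start described above, flags nodes whose qpid-cpp-server-cluster build is older than the 0.14-22.el6_3 build listed under "Updated packages". The node names and the sample `rpm -q --qf` output are constructed, and the version comparison is a simplified form of RPM's segment comparison (no epoch, `~` or `^`).

```python
import re

# Fixed build of the clustering package, from this advisory's package list.
PACKAGE = "qpid-cpp-server-cluster"
FIXED_VERSION, FIXED_RELEASE = "0.14", "22.el6_3"

def rpm_cmp(a, b):
    """Compare two RPM version or release strings: -1, 0 or 1.

    Simplified form of RPM's comparison: runs of digits and runs of letters
    are segments, everything else is a separator. No epoch, '~' or '^'.
    """
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)  # compare 9 < 22 as numbers, not strings
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def audit(inventory):
    """Map node -> 'fixed', 'needs-update' or 'not-installed'."""
    result = {}
    for node, rpm_output in inventory.items():
        result[node] = "not-installed"
        for line in rpm_output.splitlines():
            fields = line.split()
            if len(fields) != 3 or fields[0] != PACKAGE:
                continue  # other packages and rpm's "is not installed" lines
            # Version decides first; release only breaks a version tie.
            order = rpm_cmp(fields[1], FIXED_VERSION) or rpm_cmp(fields[2], FIXED_RELEASE)
            result[node] = "fixed" if order >= 0 else "needs-update"
    return result

def blocking_nodes(inventory):
    """Cluster nodes that must be updated before the full stop and start."""
    return sorted(n for n, s in audit(inventory).items() if s == "needs-update")

# Constructed sample: per-node output of
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' qpid-cpp-server-cluster qpid-cpp-server-store
SAMPLE = {
    "node-a": "qpid-cpp-server-cluster 0.14 22.el6_3\nqpid-cpp-server-store 0.14 22.el6_3\n",
    "node-b": "qpid-cpp-server-cluster 0.14 16.el6\n",
    "node-c": "package qpid-cpp-server-cluster is not installed\nqpid-cpp-server-store 0.14 22.el6_3\n",
    "node-d": "qpid-cpp-server-cluster 0.14 9.el6_2\n",
}
```

An empty result from `blocking_nodes` means every clustered broker already has the fixed build installed, so the stop and start of the whole cluster can proceed.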


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
mrg-release-2.2.0-1.el6.src.rpm
File outdated by:  RHSA-2013:1294
qpid-cpp-0.14-22.el6_3.src.rpm
File outdated by:  RHBA-2014:0130
qpid-java-0.18-2.el6.src.rpm
File outdated by:  RHSA-2013:1024
qpid-jca-0.18-2.el6.src.rpm
File outdated by:  RHSA-2013:0562
qpid-qmf-0.14-14.el6_3.src.rpm
File outdated by:  RHBA-2014:0130
xerces-c-3.0.1-20.el6.src.rpm
xqilla-2.2.3-8.el6.src.rpm
 
IA-32:
mrg-release-2.2.0-1.el6.noarch.rpm
File outdated by:  RHSA-2013:1294
qpid-cpp-client-devel-0.14-22.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-client-devel-docs-0.14-22.el6_3.noarch.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-client-rdma-0.14-22.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-debuginfo-0.14-22.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-cluster-0.14-22.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-devel-0.14-22.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-rdma-0.14-22.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-store-0.14-22.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-xml-0.14-22.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
qpid-java-client-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
qpid-java-common-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
qpid-java-example-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
qpid-jca-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:0562
qpid-jca-xarecovery-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:0562
qpid-qmf-debuginfo-0.14-14.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
qpid-qmf-devel-0.14-14.el6_3.i686.rpm
File outdated by:  RHBA-2014:0130
xerces-c-3.0.1-20.el6.i686.rpm
xerces-c-debuginfo-3.0.1-20.el6.i686.rpm
xerces-c-devel-3.0.1-20.el6.i686.rpm
xerces-c-doc-3.0.1-20.el6.noarch.rpm
xqilla-2.2.3-8.el6.i686.rpm
xqilla-debuginfo-2.2.3-8.el6.i686.rpm
xqilla-devel-2.2.3-8.el6.i686.rpm
xqilla-doc-2.2.3-8.el6.noarch.rpm
 
x86_64:
mrg-release-2.2.0-1.el6.noarch.rpm
File outdated by:  RHSA-2013:1294
qpid-cpp-client-devel-0.14-22.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-client-devel-docs-0.14-22.el6_3.noarch.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-client-rdma-0.14-22.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-debuginfo-0.14-22.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-cluster-0.14-22.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-devel-0.14-22.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-rdma-0.14-22.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-store-0.14-22.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
qpid-cpp-server-xml-0.14-22.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
qpid-java-client-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
qpid-java-common-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
qpid-java-example-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
qpid-jca-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:0562
qpid-jca-xarecovery-0.18-2.el6.noarch.rpm
File outdated by:  RHSA-2013:0562
qpid-qmf-debuginfo-0.14-14.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
qpid-qmf-devel-0.14-14.el6_3.x86_64.rpm
File outdated by:  RHBA-2014:0130
xerces-c-3.0.1-20.el6.x86_64.rpm
xerces-c-debuginfo-3.0.1-20.el6.x86_64.rpm
xerces-c-devel-3.0.1-20.el6.x86_64.rpm
xerces-c-doc-3.0.1-20.el6.noarch.rpm
xqilla-2.2.3-8.el6.x86_64.rpm
xqilla-debuginfo-2.2.3-8.el6.x86_64.rpm
xqilla-devel-2.2.3-8.el6.x86_64.rpm
xqilla-doc-2.2.3-8.el6.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

836276 - CVE-2012-3467 qpid-cpp-server-cluster: unauthorized broker access caused by the use of NullAuthenticator catch-up shadow connections


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/