Skip to navigation

Security Advisory Moderate: Red Hat Enterprise MRG Messaging 2.3 security update

Advisory: RHSA-2013:0562-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-03-06
Last updated on: 2013-03-06
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs (cve.mitre.org): CVE-2012-4446
CVE-2012-4458
CVE-2012-4459

Details

Updated Messaging component packages that fix multiple security issues,
several bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux
based on AMQP (Advanced Message Queuing Protocol), an open protocol
standard for enterprise messaging that is designed to make mission critical
messaging widely available as a standard service, and to make enterprise
messaging interoperable across platforms, programming languages, and
vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10
client libraries for C++, Java JMS, and Python; as well as persistence
libraries and management tools.

It was found that the Apache Qpid daemon (qpidd) treated AMQP connections
with the federation_tag attribute set as a broker-to-broker connection,
rather than a client-to-server connection. This resulted in the source user
ID of messages not being checked. A client that can establish an AMQP
connection with the broker could use this flaw to bypass intended
authentication. For Condor users, if condor-aviary is installed, this flaw
could be used to submit jobs that would run as any user (except root, as
Condor does not run jobs as root). (CVE-2012-4446)

It was found that the AMQP type decoder in qpidd allowed arbitrary data
types in certain messages. A remote attacker could use this flaw to send a
message containing an excessively large amount of data, causing qpidd to
allocate a large amount of memory. qpidd would then be killed by the Out of
Memory killer (denial of service). (CVE-2012-4458)

An integer overflow flaw, leading to an out-of-bounds read, was found in
the Qpid qpid::framing::Buffer::checkAvailable() function. An
unauthenticated, remote attacker could send a specially-crafted message to
Qpid, causing it to crash. (CVE-2012-4459)

The CVE-2012-4446, CVE-2012-4458, and CVE-2012-4459 issues were discovered
by Florian Weimer of the Red Hat Product Security Team.

This update also fixes several bugs and adds enhancements. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which resolve these issues,
and fix the bugs and add the enhancements noted in the Red Hat Enterprise
MRG 2 Technical Notes. After installing the updated packages, stop the
cluster by either running "service qpidd stop" on all nodes, or
"qpid-cluster --all-stop" on any one of the cluster nodes. Once stopped,
restart the cluster with "service qpidd start" on all nodes for the update
to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
cumin-messaging-0.1.1-2.el6.src.rpm     MD5: da77b1dc17956641e933a7234cf24d07
SHA-256: 41139e0948e41712dce1b671be365113456da37260f506cb17dfa708ef731275
mrg-release-2.3.0-1.el6.src.rpm
File outdated by:  RHSA-2013:1294
    MD5: eb7c3fc824a8c4d8aa959c4a894c5aef
SHA-256: bc17db06cdde238105a31dc478bf7e6f8048aa5fd14019ca98317dfba7e78c51
python-qpid-0.18-4.el6.src.rpm
File outdated by:  RHBA-2014:0130
    MD5: 8bb66df8272b242cd841c185ce578802
SHA-256: 113b361fc011b48907af255a994e22d2ab0802ff5d803ed03213f3c72f7e2031
qpid-cpp-0.18-14.el6.src.rpm
File outdated by:  RHBA-2014:0130
    MD5: 33749b8a2f43a2e873b54920fe046389
SHA-256: b366dbb2419cc21fd59f0d8782a793f6f28b3178bd2ab1458a3e18d648340ab1
qpid-java-0.18-7.el6.src.rpm
File outdated by:  RHSA-2013:1024
    MD5: 8658167a619d81238416a50219d04f3f
SHA-256: f84d8e1e5e8166755920d98d8337f9229372d1d0059aab6ac37b396bf37874df
qpid-jca-0.18-8.el6.src.rpm     MD5: 5a8dfe72712b95c9e0386fc371c37b25
SHA-256: 60de2c565a71b4d3e375e7818ddedd0eea2fb9c0fbaacaec8ffa0fafb1cc288d
qpid-qmf-0.18-15.el6.src.rpm
File outdated by:  RHBA-2014:0130
    MD5: 65e5ca3a163d0540ca6b2a4003139b74
SHA-256: 8a5ff843f325342f0985c64eff10164f85be99b32a3c62a573a461502ac1b15c
qpid-tests-0.18-2.el6.src.rpm     MD5: 2f3ef9a8a5019d52c47dcb0666cb84a2
SHA-256: a556208d53734f997d4926298749c09d1f6386825fd275fd8120f6e2ebc7eb8d
qpid-tools-0.18-8.el6.src.rpm
File outdated by:  RHSA-2013:1024
    MD5: 4fd5101292fd7c58daa10885a6fa7c29
SHA-256: 51e8812463c641b9d2e1991295d0cc3abc588e2d17ad31abb6d914f7f66eb445
rhm-docs-0.18-2.el6.src.rpm     MD5: 87c3f18329980dc018abf84420d5b118
SHA-256: 22c2a5f16f06117d5bb990dae9a47f441b57f5e93b0b8d3231b27e18e8c15ac4
rubygem-rake-0.8.7-2.1.el6.src.rpm     MD5: 48eca4b896bda099eff9f3f966f20877
SHA-256: 898cba34ee705b6719c94e8f83b4a8e7d6a5bde943166df37f7b327963433af7
rubygems-1.8.16-1.el6.src.rpm
File outdated by:  RHSA-2013:1852
    MD5: 027d96c581d073676016a76a51602346
SHA-256: bec2927259d3fe32a24c43a888451582dccd58b22ff497c658e2037b49ad2dc9
saslwrapper-0.18-1.el6_3.src.rpm     MD5: 298c8d78753d0ad5a415f0f575c254d5
SHA-256: 52b0450a8ac35952219ca562b7b26f63777562602047fd02f0bfce62fe7b2234
xerces-c-3.0.1-20.el6.src.rpm     MD5: 7e7789fdd9fb18c2060f33037ad40903
SHA-256: 41e575832f2aff24415a157704257600f4cb9a178f57813a699631698f481e4a
xqilla-2.2.3-8.el6.src.rpm     MD5: f99b2c1e67efd2d79439b8dab2009770
SHA-256: 358a59b6a03580a9ca77e5e470a2ad52d71295661f12c3a3944626bd86393591
 
IA-32:
cumin-messaging-0.1.1-2.el6.noarch.rpm     MD5: 918a31232e91279580036be962c5338d
SHA-256: 593199029e80913de063f6e0eaac4d6c4f59f8ca59a7b0568759b871d607d7fd
mrg-release-2.3.0-1.el6.noarch.rpm
File outdated by:  RHSA-2013:1294
    MD5: 568321161b6638a939640d977a076049
SHA-256: b52a549ca0721d61851afa0618c6133cabf57c11f5ea076732408cc6b9e77d86
python-qpid-0.18-4.el6.noarch.rpm
File outdated by:  RHBA-2014:0130
    MD5: c812063bf91bc18a1b65dac33234158b
SHA-256: 87065079117ee22890937ee67df682362597d4f653f2001961ae311b208dac8d
python-qpid-qmf-0.18-15.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 85a9282f93d4ff427f94a5e4d7ac3be4
SHA-256: ff970e0835afd4ca1526578e844afb8e91da63e06536d523ace82adf052c62e4
python-saslwrapper-0.18-1.el6_3.i686.rpm     MD5: 0fa33a609e10e90cb06f2f4481049cb7
SHA-256: a6c62d6d101dcfa0f90f3c488f101b2b90cb5b20aff98f236e4491feca9157b4
qpid-cpp-client-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 1518c97167d9ac74192c5683e89bf16d
SHA-256: 57f05715d65a6bf1717e64cf1395722b1f916c3d135b801cee5fc5872da6b9db
qpid-cpp-client-devel-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: c8aff0849f08b81347ee79174deb9c2b
SHA-256: 3a801b4e0e37ccb999157dafbf809637304899b57b26e0950ef2db59021edc3d
qpid-cpp-client-devel-docs-0.18-14.el6.noarch.rpm
File outdated by:  RHBA-2014:0130
    MD5: 56b9daf2603395d7e97bd0688d92adf3
SHA-256: cae23bff9d8c3b3644e6ef71a751f0b7a19df09958d11f35d11c7c4317b86ea5
qpid-cpp-client-rdma-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 106639f7c26a9e3b532e484bea50b2f5
SHA-256: 9f71c86354c89bd154ce28d6a637950947e7d17ca55775b35f57965f7739454d
qpid-cpp-client-ssl-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: fad19b372d28534c2ea704355b0a6708
SHA-256: e97a5d47cd133ea6d7efa3e89cfac497f4a466a24eb25268dec9a6425d01d214
qpid-cpp-debuginfo-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: f2359e4a386451a1073614349e02bb1d
SHA-256: 3d55aea9fb4368bbf19d83ddf61687cf2bfb0091a11200aa308a8835d2c1e634
qpid-cpp-server-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: e4aada12fa3269c139f005162007331d
SHA-256: 8e75b644b5fdb1e39300accd44490731383405855ac98ea8bbbfd4730bd3ea71
qpid-cpp-server-cluster-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 65e007cba45636d82c0b3131bce13829
SHA-256: 6ba0cbe112ac2b3168ea8f6a1e9e0d3c7f8c4e4f2b6f5b72a953b68231ef747d
qpid-cpp-server-devel-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 5bc5c019f0b5aea4b1f1906676826e5c
SHA-256: ee101266dd7c60dd4f230a3ae2a1368c70a6f96b4b8df9ed33471c2b9692c294
qpid-cpp-server-rdma-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 84c0c08a932a8a3bf54b32766a16b030
SHA-256: 28231f7c92bedc9457e56f815340452ae548586e682e6884c63105fce5cc1eb7
qpid-cpp-server-ssl-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 6702ccf0f60cffe1ca66f3dce62dfc6b
SHA-256: 67b64f599b45763b93236563e5567f735af2a700cc921f35f3e08e3d693ae235
qpid-cpp-server-store-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 6f0276208287fc5bee091fee234246cb
SHA-256: aebd0753f81d272433445cd487fce0d273b239272917363bd9d2cf0d8c86a93e
qpid-cpp-server-xml-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: a36f29153e040dc5db18c34721f6e538
SHA-256: e6b3a09be6e8bd7f4ed7fccc80a413ac5b77bcf695e043afa7c7c245769da2d3
qpid-java-client-0.18-7.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
    MD5: 15b15a8c8561306396ee2c4c6cfe7c41
SHA-256: e93379d72aebd072d628fa762647a3f361d3b3414f2ab10a82935578748e477c
qpid-java-common-0.18-7.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
    MD5: 3120c0e9a96ab780e036c4af1b32bf83
SHA-256: a520cfc064407de234bfb6918a7c4736c6314c1f2bc5edb76cb64303c52a9458
qpid-java-example-0.18-7.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
    MD5: 3b2282f8622cf9fb285fd0e0f2c0fce5
SHA-256: c1ebb684e586005ed086d9857587e912e820eb7f2ffc5b09ba2378a65bd22e3e
qpid-jca-0.18-8.el6.noarch.rpm     MD5: 7aab5b9e86801ff9e4df21219e7dd9da
SHA-256: b362bd76e3682956837860663b51e7c0643cf3b7805759be51c96e5329de2e7b
qpid-jca-xarecovery-0.18-8.el6.noarch.rpm     MD5: 2d7c3cb103a178e8921493ed96ce2a61
SHA-256: 22e2afdcb01eb6d804fa1f395bc2ac31c904905aa5ed071e63777d3845222004
qpid-qmf-0.18-15.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 2397621ab6d4342bddfeba216850daca
SHA-256: d637dada609b0e5450161aa1af3845457a4dd3f9da7324c717fc6141507e8cce
qpid-qmf-debuginfo-0.18-15.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 9638fae3713aaa4147038cb11060bc45
SHA-256: 8c244405ff07927ebb0dc14aeec817fe91378252e9db5906231dd063b7ac58cb
qpid-qmf-devel-0.18-15.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: b9241dc59cdeec82f4de94a233e0e443
SHA-256: 3e50a464ce2fc0803a3225f97f3383e9524f0456ffe3591e89dd943d38fc9c0b
qpid-tests-0.18-2.el6.noarch.rpm     MD5: 74fe92773e9dbbc1911a0add2a317c28
SHA-256: 7bba27c25ef6bc33b334b3b18b9177e2c86d3b783d36185c56c95b14b652eb3d
qpid-tools-0.18-8.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
    MD5: 2b1a8a8e59a0498031b71d2e2ad96da6
SHA-256: ed0f3132d43715b2b903a672b043b868672043fe9ef7217056b80ee3041efde6
rhm-docs-0.18-2.el6.noarch.rpm     MD5: b4f07c50e15c50c89797ad53dd9e9655
SHA-256: cfc7d9224628e5ad0be6cef1f82d227f04a73c9fd72dd538586248055533de76
ruby-qpid-qmf-0.18-15.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 0fe51a0e8f31a1c8dda53978ff260356
SHA-256: e5bb19a8bce4ddfcb9cecd9f569c30c71b0f5427a90710f98691fda6921eb118
ruby-saslwrapper-0.18-1.el6_3.i686.rpm     MD5: 4aa6ec1e9566ce00941dc2e96f0fc338
SHA-256: 90665e9cfee74a6125f1bec5cc7b3ebe0998811488034bf9f4ab6a387e53e98e
rubygem-rake-0.8.7-2.1.el6.noarch.rpm     MD5: b0c3b2eb06683b76c555515267caeffa
SHA-256: c7f892e6b9f77e75375c7513170b215c78109dea37b494dc85036b9cbf7fb5cc
rubygems-1.8.16-1.el6.noarch.rpm
File outdated by:  RHSA-2013:1852
    MD5: a08d1276a506339b511c44b050da0e78
SHA-256: 611fcf51d6a05adcd0a569f36cd6c217f30729f897b92e2ba442b0f6be26bbcc
saslwrapper-0.18-1.el6_3.i686.rpm     MD5: 22ba98d416ccf3c885943c21619f19dd
SHA-256: 246488a4211886dda0a86c4917fc434243b45ec6148fec13193f7dc37da72f77
saslwrapper-debuginfo-0.18-1.el6_3.i686.rpm     MD5: f0dfad2272bd4bc7ef868a8b35e32bc1
SHA-256: f751dd771c4b25f3395a4feb52d1d964f88d1f90c7461ba1aadbea2c22c42bb5
saslwrapper-devel-0.18-1.el6_3.i686.rpm     MD5: bc590c7144b8a75512b23f9e8aa917f1
SHA-256: e393c23d958df10717753518e4deca9583f01293d6c1a04e237c20c30f4c70b5
xerces-c-3.0.1-20.el6.i686.rpm     MD5: 01de26bcd3a76d33be8bd834dd92ab31
SHA-256: c1bb9eaf555d6fbfd73bc66ae0c8c82a14721daa221585f72c782c3881ef35bf
xerces-c-debuginfo-3.0.1-20.el6.i686.rpm     MD5: 3ac6e3ff180177ad2f76c00f9e66d2bb
SHA-256: 09f271423c0238f0ea9c30659b0008d2b1a872107b5512719f92fc9b9c9e77d9
xerces-c-devel-3.0.1-20.el6.i686.rpm     MD5: e98903c1bc9821a75779faf1851d13db
SHA-256: 55b93390e9ba9e774917ce452913a229373fecae91f800d1e477f1b7c55e7d03
xerces-c-doc-3.0.1-20.el6.noarch.rpm     MD5: 5d9de1a0bb1dc7d3b505d3f7a8b22337
SHA-256: 1cac04dfbd181b5e4e1090dfb177e36f3a88b3838dafa6ceb67b5d4bf4319199
xqilla-2.2.3-8.el6.i686.rpm     MD5: dd0b36ee0aa7b58829a19c81e1e4f86e
SHA-256: 5112d521e880d94d42ff55eba6b2b05a549be97ea6de575a2b6bdaef3c119514
xqilla-debuginfo-2.2.3-8.el6.i686.rpm     MD5: fe6bbbabbe25a1a1e92326ea2eb4dea3
SHA-256: 9776dcea3677c0861d31d1e042ab819955a55935dbad0f6ced02208422649fcf
xqilla-devel-2.2.3-8.el6.i686.rpm     MD5: c3791d70005b03766b8e427974d83a07
SHA-256: cf1ea40727277ed12cd0952d2032bc59c393dbd4400c8bd4b6bdf727f6acb745
xqilla-doc-2.2.3-8.el6.noarch.rpm     MD5: 08fb15321cca5168e0148f921ccf8c33
SHA-256: b8f6efb5b84fb250c2b592cd94ea53f36dba62cd94aec57e39abf5b7f8bfd488
 
x86_64:
cumin-messaging-0.1.1-2.el6.noarch.rpm     MD5: 918a31232e91279580036be962c5338d
SHA-256: 593199029e80913de063f6e0eaac4d6c4f59f8ca59a7b0568759b871d607d7fd
mrg-release-2.3.0-1.el6.noarch.rpm
File outdated by:  RHSA-2013:1294
    MD5: 568321161b6638a939640d977a076049
SHA-256: b52a549ca0721d61851afa0618c6133cabf57c11f5ea076732408cc6b9e77d86
python-qpid-0.18-4.el6.noarch.rpm
File outdated by:  RHBA-2014:0130
    MD5: c812063bf91bc18a1b65dac33234158b
SHA-256: 87065079117ee22890937ee67df682362597d4f653f2001961ae311b208dac8d
python-qpid-qmf-0.18-15.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: f6c552b71aa2a852ed3a6ba9054574d1
SHA-256: 36c43b2d51a257cb5960ff45ee6a365f7ce608f615b7dec323dc9124103659c9
python-saslwrapper-0.18-1.el6_3.x86_64.rpm     MD5: d4b78fb14a3b6307421bf485606a7fb6
SHA-256: 512f3c96a0ef09183ec9b64db30ce58b961cb45bd19446c2e050a10037e050f9
qpid-cpp-client-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 1518c97167d9ac74192c5683e89bf16d
SHA-256: 57f05715d65a6bf1717e64cf1395722b1f916c3d135b801cee5fc5872da6b9db
qpid-cpp-client-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: ac90714448fee58aee7843c77b489834
SHA-256: 2139092dda545fef24d37f749c983775c0c4e81b1b47e825c472c994cb825727
qpid-cpp-client-devel-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 2f1e46e4f5bae9e0afe46d85b78a8cee
SHA-256: 5f7f75f9ad70c657664cbee9a1c8dcaff5a11a0b4734463e5837ae178ff909cc
qpid-cpp-client-devel-docs-0.18-14.el6.noarch.rpm
File outdated by:  RHBA-2014:0130
    MD5: 56b9daf2603395d7e97bd0688d92adf3
SHA-256: cae23bff9d8c3b3644e6ef71a751f0b7a19df09958d11f35d11c7c4317b86ea5
qpid-cpp-client-rdma-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 6f057b182df36b2e33f41f7b4b00e09f
SHA-256: 592ae49e8b20d03232916696208c94030085e22a56420e0e69a7e28d4782ff5d
qpid-cpp-client-ssl-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: fad19b372d28534c2ea704355b0a6708
SHA-256: e97a5d47cd133ea6d7efa3e89cfac497f4a466a24eb25268dec9a6425d01d214
qpid-cpp-client-ssl-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: ca9a9a3bb15c1f580b5106ff2a21b4a4
SHA-256: c70ea1df856412b6448c7afa793bf5457f9b7160c5e538de57e540809c047c41
qpid-cpp-debuginfo-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: f2359e4a386451a1073614349e02bb1d
SHA-256: 3d55aea9fb4368bbf19d83ddf61687cf2bfb0091a11200aa308a8835d2c1e634
qpid-cpp-debuginfo-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 4f26558782660c04dc99071cdafa495e
SHA-256: 1c7cba8f0be6f812fabc24ea4a1134e1fa9a4f9011511bbc4c01c3c9bd8bf129
qpid-cpp-server-0.18-14.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: e4aada12fa3269c139f005162007331d
SHA-256: 8e75b644b5fdb1e39300accd44490731383405855ac98ea8bbbfd4730bd3ea71
qpid-cpp-server-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 4e072eb6f088c1d07d7e03a7561119ff
SHA-256: 43322b8ddfa1d68a985e4fe53b23f9fb8d49f202596094ddddfceee7b2c58833
qpid-cpp-server-cluster-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 77cfb6b7bd1d50ae152455e55ef0a66b
SHA-256: 38b8b6bc6383f41613b569d7acb38474366f3524b7035eb6e8088a9fee305986
qpid-cpp-server-devel-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 278bd5be4b9eb78d9d41b99ff3c34721
SHA-256: f6e4ab13d8fc687416cede96f85cee2bb8847900c7ef5d3100b12c8675e36667
qpid-cpp-server-rdma-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 7ed9804d14519f75494bb6a57de0011d
SHA-256: 9a90de4ae2104a9b7dac4ab0e883d61f97ce62ac25d79ed28c23b064313b0be3
qpid-cpp-server-ssl-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 71c9833d0152296665fd715459b3639c
SHA-256: a2111e1f6b2dde46b0e1a9c8983a104a6ff7b64d9cf07f4800dfb494dbf306ee
qpid-cpp-server-store-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 0ab56488239a8f3cdc337977a3fa8bfe
SHA-256: c06608ec285e1775f6694bda62e71c857804117b0e9a96d7a5ee69482aaf9e53
qpid-cpp-server-xml-0.18-14.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: cab5a7f86d409fbf51bf75b22ddb293b
SHA-256: 497da24e9483a0bf8939f6b6f52f3655c33ac12be0c7ad1fb52da380b9729e10
qpid-java-client-0.18-7.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
    MD5: 15b15a8c8561306396ee2c4c6cfe7c41
SHA-256: e93379d72aebd072d628fa762647a3f361d3b3414f2ab10a82935578748e477c
qpid-java-common-0.18-7.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
    MD5: 3120c0e9a96ab780e036c4af1b32bf83
SHA-256: a520cfc064407de234bfb6918a7c4736c6314c1f2bc5edb76cb64303c52a9458
qpid-java-example-0.18-7.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
    MD5: 3b2282f8622cf9fb285fd0e0f2c0fce5
SHA-256: c1ebb684e586005ed086d9857587e912e820eb7f2ffc5b09ba2378a65bd22e3e
qpid-jca-0.18-8.el6.noarch.rpm     MD5: 7aab5b9e86801ff9e4df21219e7dd9da
SHA-256: b362bd76e3682956837860663b51e7c0643cf3b7805759be51c96e5329de2e7b
qpid-jca-xarecovery-0.18-8.el6.noarch.rpm     MD5: 2d7c3cb103a178e8921493ed96ce2a61
SHA-256: 22e2afdcb01eb6d804fa1f395bc2ac31c904905aa5ed071e63777d3845222004
qpid-qmf-0.18-15.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 2397621ab6d4342bddfeba216850daca
SHA-256: d637dada609b0e5450161aa1af3845457a4dd3f9da7324c717fc6141507e8cce
qpid-qmf-0.18-15.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 4a90907e76a8180e8839fac0c7d3f623
SHA-256: 3510625699ef755142b0e0415547af874a1d2ab7f980574b8b7e527ea3e4d07d
qpid-qmf-debuginfo-0.18-15.el6.i686.rpm
File outdated by:  RHBA-2014:0130
    MD5: 9638fae3713aaa4147038cb11060bc45
SHA-256: 8c244405ff07927ebb0dc14aeec817fe91378252e9db5906231dd063b7ac58cb
qpid-qmf-debuginfo-0.18-15.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 55b5f0d7412cf50c6afa7a8886e20421
SHA-256: 9f0d6e24669ec5c7c8efaa1d5af07e075f00f4a0382b6ab181526d01e3572078
qpid-qmf-devel-0.18-15.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 9cf7a6794afde50648574a861ffb278a
SHA-256: dd23d437002faafe02cd5237941c47f69ca2c2f8fecfb450e495a8a6460ed7fa
qpid-tests-0.18-2.el6.noarch.rpm     MD5: 74fe92773e9dbbc1911a0add2a317c28
SHA-256: 7bba27c25ef6bc33b334b3b18b9177e2c86d3b783d36185c56c95b14b652eb3d
qpid-tools-0.18-8.el6.noarch.rpm
File outdated by:  RHSA-2013:1024
    MD5: 2b1a8a8e59a0498031b71d2e2ad96da6
SHA-256: ed0f3132d43715b2b903a672b043b868672043fe9ef7217056b80ee3041efde6
rhm-docs-0.18-2.el6.noarch.rpm     MD5: b4f07c50e15c50c89797ad53dd9e9655
SHA-256: cfc7d9224628e5ad0be6cef1f82d227f04a73c9fd72dd538586248055533de76
ruby-qpid-qmf-0.18-15.el6.x86_64.rpm
File outdated by:  RHBA-2014:0130
    MD5: 5f14cf92ed2e697d8b8ce0ac0a946b9e
SHA-256: 7cb66f94109f3ef041081e67fd8b2e69dc6fa767df3ff390008ad10b4df32f22
ruby-saslwrapper-0.18-1.el6_3.x86_64.rpm     MD5: 0a11418f5d71e18282865df9bc422b47
SHA-256: b5c6c424e3bc69e9fef6956772d91c4ea2ba27592ea95fd56c1193254a30fb95
rubygem-rake-0.8.7-2.1.el6.noarch.rpm     MD5: b0c3b2eb06683b76c555515267caeffa
SHA-256: c7f892e6b9f77e75375c7513170b215c78109dea37b494dc85036b9cbf7fb5cc
rubygems-1.8.16-1.el6.noarch.rpm
File outdated by:  RHSA-2013:1852
    MD5: a08d1276a506339b511c44b050da0e78
SHA-256: 611fcf51d6a05adcd0a569f36cd6c217f30729f897b92e2ba442b0f6be26bbcc
saslwrapper-0.18-1.el6_3.i686.rpm     MD5: 22ba98d416ccf3c885943c21619f19dd
SHA-256: 246488a4211886dda0a86c4917fc434243b45ec6148fec13193f7dc37da72f77
saslwrapper-0.18-1.el6_3.x86_64.rpm     MD5: b58697596f099b41767e84e8c6f039d9
SHA-256: 0f96e260521c55ecf79235379071a053cb28a30854ed62012e5766b180bf6d96
saslwrapper-debuginfo-0.18-1.el6_3.i686.rpm     MD5: f0dfad2272bd4bc7ef868a8b35e32bc1
SHA-256: f751dd771c4b25f3395a4feb52d1d964f88d1f90c7461ba1aadbea2c22c42bb5
saslwrapper-debuginfo-0.18-1.el6_3.x86_64.rpm     MD5: 61ff97b1728134fa57f986f4fef7becf
SHA-256: 45e3704b7ea97d751f34ae5eb59ac44e418222984fcfb946d120095be2d8219b
saslwrapper-devel-0.18-1.el6_3.i686.rpm     MD5: bc590c7144b8a75512b23f9e8aa917f1
SHA-256: e393c23d958df10717753518e4deca9583f01293d6c1a04e237c20c30f4c70b5
saslwrapper-devel-0.18-1.el6_3.x86_64.rpm     MD5: 19808dc17a20bfdf3480dc6e3938562c
SHA-256: cbb383371c79a2e10e03764a11ad723b0e7ccfb72cc05892e5093380b111ef49
xerces-c-3.0.1-20.el6.x86_64.rpm     MD5: 27eeb84004ad66db2b14f2bb6e132b4c
SHA-256: 0ddb7e6d93d45325ab93d5b812eb15b8e736483efaa0d2f9eb8c4d6a0ab020f7
xerces-c-debuginfo-3.0.1-20.el6.x86_64.rpm     MD5: a45708588aecaed5cf3b89dbe045d540
SHA-256: d5b2bbc3c74bc9a527a376133faaa1bbfd8366e3d0d221f4019439ab5adc3967
xerces-c-devel-3.0.1-20.el6.x86_64.rpm     MD5: b696f520d51e08442b1c72e2350f2b91
SHA-256: 81eacd6d29ff996c131159aa039ad8b6c56d596cdd62324136554d6cfbc13f32
xerces-c-doc-3.0.1-20.el6.noarch.rpm     MD5: 5d9de1a0bb1dc7d3b505d3f7a8b22337
SHA-256: 1cac04dfbd181b5e4e1090dfb177e36f3a88b3838dafa6ceb67b5d4bf4319199
xqilla-2.2.3-8.el6.x86_64.rpm     MD5: 8ab58b77a44644c8b00d396be199a93c
SHA-256: ffef18db7f7017df82a222fb5fa8d180a8134438572e57825073ce0c1d7b2cb7
xqilla-debuginfo-2.2.3-8.el6.x86_64.rpm     MD5: 8bb69dc8c741e3af1fcba47beaf83447
SHA-256: df0e0c42749140d6882c27fd9ef5532b05c903d2e11bd470127b8d1f4962f00c
xqilla-devel-2.2.3-8.el6.x86_64.rpm     MD5: 73dd19ce14e5f1505f40910e6ca8da2b
SHA-256: 85760a4b108901da1c0579194884c6eefed7115b565686bc7aa52b23f8f18d64
xqilla-doc-2.2.3-8.el6.noarch.rpm     MD5: 08fb15321cca5168e0148f921ccf8c33
SHA-256: b8f6efb5b84fb250c2b592cd94ea53f36dba62cd94aec57e39abf5b7f8bfd488
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

851355 - CVE-2012-4446 qpid-cpp: qpid authentication bypass
861234 - CVE-2012-4458 qpid-cpp: long arrays of zero-width types cause a denial of service
861241 - CVE-2012-4459 qpid-cpp: crash due to qpid::framing::Buffer::checkAvailable() wraparound


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/