Security Advisory Moderate: Red Hat Enterprise MRG Messaging 2.3.3 security update

Advisory: RHSA-2013:1024-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-07-11
Last updated on: 2013-07-11
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs (cve.mitre.org): CVE-2013-1909

Details

Updated Messaging component packages that fix one security issue and
multiple bugs are now available for Red Hat Enterprise MRG 2.3 for Red Hat
Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for Linux
based on AMQP (Advanced Message Queuing Protocol), an open protocol
standard for enterprise messaging that is designed to make mission critical
messaging widely available as a standard service, and to make enterprise
messaging interoperable across platforms, programming languages, and
vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10
client libraries for C++, Java JMS, and Python; as well as persistence
libraries and management tools.

It was discovered that the Qpid Python client library for AMQP did not
properly perform TLS/SSL certificate validation of the remote server's
certificate, even when the 'ssl_trustfile' connection option was specified.
A rogue server could use this flaw to conduct man-in-the-middle attacks,
possibly leading to the disclosure of sensitive information.
(CVE-2013-1909)

With this update, Python programs can instruct the library to validate
server certificates by specifying a path to a file containing trusted CA
certificates.
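
An added example, not taken from the advisory or from python-qpid: a small static check for the bug class described above, where a CA file is passed to Python's `ssl.wrap_socket` but `cert_reqs` is left at its default of `CERT_NONE`, so the trust file is never used. That this pattern mirrors the python-qpid flaw is an assumption; the sample source and the function names are constructed for illustration.

```python
import ast

# Constructed sample source (not python-qpid code): three ways a client
# might wrap a socket after the caller supplied a trust file.
SAMPLE = '''\
import ssl
def connect_a(sock, trustfile):
    return ssl.wrap_socket(sock, ca_certs=trustfile)
def connect_b(sock, trustfile):
    return ssl.wrap_socket(sock, ca_certs=trustfile, cert_reqs=ssl.CERT_NONE)
def connect_c(sock, trustfile):
    return ssl.wrap_socket(sock, ca_certs=trustfile,
                           cert_reqs=ssl.CERT_REQUIRED)
'''

def _name(node):
    """Return the trailing identifier of a Name/Attribute node, else None."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None

def find_unverified_wraps(source):
    """Return sorted (line, reason) pairs for wrap_socket calls that pass
    ca_certs by keyword but do not require certificate validation."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _name(node.func) == "wrap_socket"):
            continue
        # Only keyword arguments are inspected; positional use is not covered.
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        if "ca_certs" not in kwargs:
            continue  # no trust file supplied; outside the scope of this check
        reqs = kwargs.get("cert_reqs")
        if reqs is None:
            findings.append((node.lineno,
                             "ca_certs given, cert_reqs defaults to CERT_NONE"))
        elif _name(reqs) != "CERT_REQUIRED":
            findings.append((node.lineno,
                             "ca_certs given, cert_reqs is not CERT_REQUIRED"))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_unverified_wraps(SAMPLE):
        print("line %d: %s" % (line, reason))
```

`CERT_REQUIRED` on `ssl.wrap_socket` validates the certificate chain only; that function performs no hostname matching.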

This issue was discovered by Petr Matousek of the Red Hat MRG Messaging
team.

This update also fixes multiple bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.3 are
advised to upgrade to these updated packages, which resolve the issues
noted in the Red Hat Enterprise MRG 2 Technical Notes. After installing the
updated packages, stop the cluster by either running "service qpidd stop"
on all nodes, or "qpid-cluster --all-stop" on any one of the cluster nodes.
Once stopped, restart the cluster with "service qpidd start" on all nodes
for the update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
python-qpid-0.18-5.el6_4.src.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-0.18-17.el6_4.src.rpm
    File outdated by: RHBA-2014:0130
qpid-java-0.18-8.el6_4.src.rpm
qpid-qmf-0.18-18.el6_4.src.rpm
    File outdated by: RHBA-2014:0130
qpid-tools-0.18-10.el6_4.src.rpm
 
IA-32:
python-qpid-0.18-5.el6_4.noarch.rpm
    File outdated by: RHBA-2014:0130
python-qpid-qmf-0.18-18.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-devel-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-devel-docs-0.18-17.el6_4.noarch.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-rdma-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-ssl-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-debuginfo-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-cluster-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-devel-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-rdma-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-ssl-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-store-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-xml-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-java-client-0.18-8.el6_4.noarch.rpm
qpid-java-common-0.18-8.el6_4.noarch.rpm
qpid-java-example-0.18-8.el6_4.noarch.rpm
qpid-qmf-0.18-18.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-qmf-debuginfo-0.18-18.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-qmf-devel-0.18-18.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-tools-0.18-10.el6_4.noarch.rpm
ruby-qpid-qmf-0.18-18.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
 
x86_64:
python-qpid-0.18-5.el6_4.noarch.rpm
    File outdated by: RHBA-2014:0130
python-qpid-qmf-0.18-18.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-devel-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-devel-docs-0.18-17.el6_4.noarch.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-rdma-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-ssl-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-client-ssl-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-debuginfo-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-debuginfo-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-0.18-17.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-cluster-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-devel-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-rdma-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-ssl-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-store-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-cpp-server-xml-0.18-17.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-java-client-0.18-8.el6_4.noarch.rpm
qpid-java-common-0.18-8.el6_4.noarch.rpm
qpid-java-example-0.18-8.el6_4.noarch.rpm
qpid-qmf-0.18-18.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-qmf-0.18-18.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-qmf-debuginfo-0.18-18.el6_4.i686.rpm
    File outdated by: RHBA-2014:0130
qpid-qmf-debuginfo-0.18-18.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-qmf-devel-0.18-18.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
qpid-tools-0.18-10.el6_4.noarch.rpm
ruby-qpid-qmf-0.18-18.el6_4.x86_64.rpm
    File outdated by: RHBA-2014:0130
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

928530 - CVE-2013-1909 python-qpid: client does not validate qpid server TLS/SSL certificate


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/