SCIENTIFIC-LINUX-DEVEL Archives

September 2012

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA Moderate: qpid on SL6.x i386/x86_64
From:
Elena Korytko <[log in to unmask]>
Reply To:
Elena Korytko <[log in to unmask]>
Date:
Mon, 24 Sep 2012 12:53:36 +0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (93 lines) 
On SL.62 installation for qpid update needed
matahari-*0.6.0-14.el6, on SL.61 for qpid update needed
matahari-*0.6.0-14.el6, augeas-*0.9.0-4.el6,
libvirt-qmf-0.3.0-7.el6_2, sigar-*1.6.5-0.4.git58097d9.el6. Seems like
these packages not presented on repositories.

--
Best regards,
Elena

В Чтв, 20/09/2012 в 08:34 -0500, Pat Riehecky пишет:
> Synopsis:          Moderate: qpid security, bug fix, and enhancement
update
> Issue Date:        2012-09-19
> CVE Numbers:       CVE-2012-2145
> 
> Apache Qpid is a reliable, cross-platform, asynchronous messaging
system
> that supports the Advanced Message Queuing Protocol (AMQP) in several
> common programming languages.
> 
> It was discovered that the Qpid daemon (qpidd) did not allow the
number of
> connections from clients to be restricted. A malicious client could
use
> this flaw to open an excessive amount of connections, preventing other
> legitimate clients from establishing a connection to qpidd.
(CVE-2012-2145)
> 
> To address CVE-2012-2145, new qpidd configuration options were
introduced:
> max-negotiate-time defines the time during which initial protocol
> negotiation must succeed, connection-limit-per-user and
> connection-limit-per-ip can be used to limit the number of connections
per
> user and client host IP. Refer to the qpidd manual page for additional
> details.
> 
> In addition, the qpid-cpp, qpid-qmf, qpid-tools, and python-qpid
packages
> have been upgraded to upstream version 0.14, which provides a number
of bug
> fixes and enhancements over the previous version.
> 
> All users of qpid are advised to upgrade to these updated packages,
which
> fix these issues and add these enhancements.
> 
> For dependency resolution saslwrapper, saslwrapper-devel, 
> python-saslwrapper,
> and ruby-saslwrapper have been added to this update
> 
> SL6
>    x86_64
>      python-qpid-qmf-0.14-14.el6_3.x86_64.rpm
>      qpid-cpp-client-0.14-22.el6_3.i686.rpm
>      qpid-cpp-client-0.14-22.el6_3.x86_64.rpm
>      qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm
>      qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm
>      qpid-cpp-server-0.14-22.el6_3.i686.rpm
>      qpid-cpp-server-0.14-22.el6_3.x86_64.rpm
>      qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm
>      qpid-qmf-0.14-14.el6_3.i686.rpm
>      qpid-qmf-0.14-14.el6_3.x86_64.rpm
>      ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm
> 
>      Dependencies:
>      python-saslwrapper-0.14-1.el6.x86_64.rpm
>      ruby-saslwrapper-0.14-1.el6.x86_64.rpm
>      saslwrapper-0.14-1.el6.i686.rpm
>      saslwrapper-0.14-1.el6.x86_64.rpm
>      saslwrapper-devel-0.14-1.el6.i686.rpm
>      saslwrapper-devel-0.14-1.el6.x86_64.rpm
>    i386
>      python-qpid-qmf-0.14-14.el6_3.i686.rpm
>      qpid-cpp-client-0.14-22.el6_3.i686.rpm
>      qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm
>      qpid-cpp-server-0.14-22.el6_3.i686.rpm
>      qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm
>      qpid-qmf-0.14-14.el6_3.i686.rpm
>      ruby-qpid-qmf-0.14-14.el6_3.i686.rpm
> 
>      Dependencies:
>      python-saslwrapper-0.14-1.el6.i686.rpm
>      ruby-saslwrapper-0.14-1.el6.i686.rpm
>      saslwrapper-0.14-1.el6.i686.rpm
>      saslwrapper-devel-0.14-1.el6.i686.rpm
>    noarch
>      python-qpid-0.14-11.el6_3.noarch.rpm
>      qpid-tools-0.14-6.el6_3.noarch.rpm
> 
> - Scientific Linux Development Team

ATOM RSS1 RSS2