SCIENTIFIC-LINUX-ERRATA Archives

September 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA Moderate: qpid on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Tue, 25 Sep 2012 12:16:33 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (153 lines) 
To resolve installation issues with this recent qpid update, the 
following packages have been added.  These should enable the recent qpid 
update to be installed on all SL systems.

i386:
augeas-0.9.0-4.el6.i686.rpm
augeas-devel-0.9.0-4.el6.i686.rpm
augeas-libs-0.9.0-4.el6.i686.rpm
matahari-0.6.0-14.el6.i686.rpm
matahari-agent-lib-0.6.0-14.el6.i686.rpm
matahari-broker-0.6.0-14.el6.i686.rpm
matahari-consoles-0.6.0-14.el6.i686.rpm
matahari-core-0.6.0-14.el6.i686.rpm
matahari-devel-0.6.0-14.el6.i686.rpm
matahari-host-0.6.0-14.el6.i686.rpm
matahari-lib-0.6.0-14.el6.i686.rpm
matahari-network-0.6.0-14.el6.i686.rpm
matahari-python-0.6.0-14.el6.i686.rpm
matahari-rpc-0.6.0-14.el6.i686.rpm
matahari-service-0.6.0-14.el6.i686.rpm
matahari-shell-0.6.0-14.el6.i686.rpm
matahari-sysconfig-0.6.0-14.el6.i686.rpm
matahari-vios-proxy-guest-0.6.0-14.el6.i686.rpm
matahari-vios-proxy-host-0.6.0-14.el6.i686.rpm
sigar-1.6.5-0.4.git58097d9.el6.i686.rpm
sigar-devel-1.6.5-0.4.git58097d9.el6.i686.rpm
tuned-0.2.19-7.el6.noarch.rpm
tuned-utils-0.2.19-7.el6.noarch.rpm
vios-proxy-0.1-1.el6.i686.rpm
vios-proxy-doc-0.2-1.el6.i686.rpm
vios-proxy-guest-0.2-1.el6.i686.rpm
vios-proxy-host-0.2-1.el6.i686.rpm

x86_64:
augeas-0.9.0-4.el6.x86_64.rpm
augeas-devel-0.9.0-4.el6.i686.rpm
augeas-devel-0.9.0-4.el6.x86_64.rpm
augeas-libs-0.9.0-4.el6.i686.rpm
augeas-libs-0.9.0-4.el6.x86_64.rpm
matahari-0.6.0-14.el6.x86_64.rpm
matahari-agent-lib-0.6.0-14.el6.i686.rpm
matahari-agent-lib-0.6.0-14.el6.x86_64.rpm
matahari-broker-0.6.0-14.el6.x86_64.rpm
matahari-consoles-0.6.0-14.el6.x86_64.rpm
matahari-core-0.6.0-14.el6.x86_64.rpm
matahari-devel-0.6.0-14.el6.x86_64.rpm
matahari-host-0.6.0-14.el6.x86_64.rpm
matahari-lib-0.6.0-14.el6.i686.rpm
matahari-lib-0.6.0-14.el6.x86_64.rpm
matahari-network-0.6.0-14.el6.x86_64.rpm
matahari-python-0.6.0-14.el6.x86_64.rpm
matahari-rpc-0.6.0-14.el6.x86_64.rpm
matahari-service-0.6.0-14.el6.x86_64.rpm
matahari-shell-0.6.0-14.el6.x86_64.rpm
matahari-sysconfig-0.6.0-14.el6.x86_64.rpm
matahari-vios-proxy-guest-0.6.0-14.el6.x86_64.rpm
matahari-vios-proxy-host-0.6.0-14.el6.x86_64.rpm
sigar-1.6.5-0.4.git58097d9.el6.i686.rpm
sigar-1.6.5-0.4.git58097d9.el6.x86_64.rpm
sigar-devel-1.6.5-0.4.git58097d9.el6.i686.rpm
sigar-devel-1.6.5-0.4.git58097d9.el6.x86_64.rpm
tuned-0.2.19-7.el6.noarch.rpm
tuned-utils-0.2.19-7.el6.noarch.rpm
vios-proxy-0.1-1.el6.x86_64.rpm
vios-proxy-doc-0.2-1.el6.x86_64.rpm
vios-proxy-guest-0.2-1.el6.x86_64.rpm
vios-proxy-host-0.2-1.el6.x86_64.rpm


On 09/20/2012 08:34 AM, Pat Riehecky wrote:
> Synopsis:          Moderate: qpid security, bug fix, and enhancement 
> update
> Issue Date:        2012-09-19
> CVE Numbers:       CVE-2012-2145
>
> Apache Qpid is a reliable, cross-platform, asynchronous messaging system
> that supports the Advanced Message Queuing Protocol (AMQP) in several
> common programming languages.
>
> It was discovered that the Qpid daemon (qpidd) did not allow the 
> number of
> connections from clients to be restricted. A malicious client could use
> this flaw to open an excessive amount of connections, preventing other
> legitimate clients from establishing a connection to qpidd. 
> (CVE-2012-2145)
>
> To address CVE-2012-2145, new qpidd configuration options were 
> introduced:
> max-negotiate-time defines the time during which initial protocol
> negotiation must succeed, connection-limit-per-user and
> connection-limit-per-ip can be used to limit the number of connections 
> per
> user and client host IP. Refer to the qpidd manual page for additional
> details.
>
> In addition, the qpid-cpp, qpid-qmf, qpid-tools, and python-qpid packages
> have been upgraded to upstream version 0.14, which provides a number 
> of bug
> fixes and enhancements over the previous version.
>
> All users of qpid are advised to upgrade to these updated packages, which
> fix these issues and add these enhancements.
>
> For dependency resolution saslwrapper, saslwrapper-devel, 
> python-saslwrapper,
> and ruby-saslwrapper have been added to this update
>
> SL6
>   x86_64
>     python-qpid-qmf-0.14-14.el6_3.x86_64.rpm
>     qpid-cpp-client-0.14-22.el6_3.i686.rpm
>     qpid-cpp-client-0.14-22.el6_3.x86_64.rpm
>     qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm
>     qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm
>     qpid-cpp-server-0.14-22.el6_3.i686.rpm
>     qpid-cpp-server-0.14-22.el6_3.x86_64.rpm
>     qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm
>     qpid-qmf-0.14-14.el6_3.i686.rpm
>     qpid-qmf-0.14-14.el6_3.x86_64.rpm
>     ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm
>
>     Dependencies:
>     python-saslwrapper-0.14-1.el6.x86_64.rpm
>     ruby-saslwrapper-0.14-1.el6.x86_64.rpm
>     saslwrapper-0.14-1.el6.i686.rpm
>     saslwrapper-0.14-1.el6.x86_64.rpm
>     saslwrapper-devel-0.14-1.el6.i686.rpm
>     saslwrapper-devel-0.14-1.el6.x86_64.rpm
>   i386
>     python-qpid-qmf-0.14-14.el6_3.i686.rpm
>     qpid-cpp-client-0.14-22.el6_3.i686.rpm
>     qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm
>     qpid-cpp-server-0.14-22.el6_3.i686.rpm
>     qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm
>     qpid-qmf-0.14-14.el6_3.i686.rpm
>     ruby-qpid-qmf-0.14-14.el6_3.i686.rpm
>
>     Dependencies:
>     python-saslwrapper-0.14-1.el6.i686.rpm
>     ruby-saslwrapper-0.14-1.el6.i686.rpm
>     saslwrapper-0.14-1.el6.i686.rpm
>     saslwrapper-devel-0.14-1.el6.i686.rpm
>   noarch
>     python-qpid-0.14-11.el6_3.noarch.rpm
>     qpid-tools-0.14-6.el6_3.noarch.rpm
>
> - Scientific Linux Development Team


-- 
Pat Riehecky
Scientific Linux Developer

ATOM RSS1 RSS2