Subject: | |
From: | |
Reply To: | |
Date: | Tue, 25 Sep 2012 12:16:33 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
To resolve installation issues with this recent qpid update, the
following packages have been added. These should enable the recent qpid
update to be installed on all SL systems.
i386:
augeas-0.9.0-4.el6.i686.rpm
augeas-devel-0.9.0-4.el6.i686.rpm
augeas-libs-0.9.0-4.el6.i686.rpm
matahari-0.6.0-14.el6.i686.rpm
matahari-agent-lib-0.6.0-14.el6.i686.rpm
matahari-broker-0.6.0-14.el6.i686.rpm
matahari-consoles-0.6.0-14.el6.i686.rpm
matahari-core-0.6.0-14.el6.i686.rpm
matahari-devel-0.6.0-14.el6.i686.rpm
matahari-host-0.6.0-14.el6.i686.rpm
matahari-lib-0.6.0-14.el6.i686.rpm
matahari-network-0.6.0-14.el6.i686.rpm
matahari-python-0.6.0-14.el6.i686.rpm
matahari-rpc-0.6.0-14.el6.i686.rpm
matahari-service-0.6.0-14.el6.i686.rpm
matahari-shell-0.6.0-14.el6.i686.rpm
matahari-sysconfig-0.6.0-14.el6.i686.rpm
matahari-vios-proxy-guest-0.6.0-14.el6.i686.rpm
matahari-vios-proxy-host-0.6.0-14.el6.i686.rpm
sigar-1.6.5-0.4.git58097d9.el6.i686.rpm
sigar-devel-1.6.5-0.4.git58097d9.el6.i686.rpm
tuned-0.2.19-7.el6.noarch.rpm
tuned-utils-0.2.19-7.el6.noarch.rpm
vios-proxy-0.1-1.el6.i686.rpm
vios-proxy-doc-0.2-1.el6.i686.rpm
vios-proxy-guest-0.2-1.el6.i686.rpm
vios-proxy-host-0.2-1.el6.i686.rpm
x86_64:
augeas-0.9.0-4.el6.x86_64.rpm
augeas-devel-0.9.0-4.el6.i686.rpm
augeas-devel-0.9.0-4.el6.x86_64.rpm
augeas-libs-0.9.0-4.el6.i686.rpm
augeas-libs-0.9.0-4.el6.x86_64.rpm
matahari-0.6.0-14.el6.x86_64.rpm
matahari-agent-lib-0.6.0-14.el6.i686.rpm
matahari-agent-lib-0.6.0-14.el6.x86_64.rpm
matahari-broker-0.6.0-14.el6.x86_64.rpm
matahari-consoles-0.6.0-14.el6.x86_64.rpm
matahari-core-0.6.0-14.el6.x86_64.rpm
matahari-devel-0.6.0-14.el6.x86_64.rpm
matahari-host-0.6.0-14.el6.x86_64.rpm
matahari-lib-0.6.0-14.el6.i686.rpm
matahari-lib-0.6.0-14.el6.x86_64.rpm
matahari-network-0.6.0-14.el6.x86_64.rpm
matahari-python-0.6.0-14.el6.x86_64.rpm
matahari-rpc-0.6.0-14.el6.x86_64.rpm
matahari-service-0.6.0-14.el6.x86_64.rpm
matahari-shell-0.6.0-14.el6.x86_64.rpm
matahari-sysconfig-0.6.0-14.el6.x86_64.rpm
matahari-vios-proxy-guest-0.6.0-14.el6.x86_64.rpm
matahari-vios-proxy-host-0.6.0-14.el6.x86_64.rpm
sigar-1.6.5-0.4.git58097d9.el6.i686.rpm
sigar-1.6.5-0.4.git58097d9.el6.x86_64.rpm
sigar-devel-1.6.5-0.4.git58097d9.el6.i686.rpm
sigar-devel-1.6.5-0.4.git58097d9.el6.x86_64.rpm
tuned-0.2.19-7.el6.noarch.rpm
tuned-utils-0.2.19-7.el6.noarch.rpm
vios-proxy-0.1-1.el6.x86_64.rpm
vios-proxy-doc-0.2-1.el6.x86_64.rpm
vios-proxy-guest-0.2-1.el6.x86_64.rpm
vios-proxy-host-0.2-1.el6.x86_64.rpm
On 09/20/2012 08:34 AM, Pat Riehecky wrote:
> Synopsis: Moderate: qpid security, bug fix, and enhancement
> update
> Issue Date: 2012-09-19
> CVE Numbers: CVE-2012-2145
>
> Apache Qpid is a reliable, cross-platform, asynchronous messaging system
> that supports the Advanced Message Queuing Protocol (AMQP) in several
> common programming languages.
>
> It was discovered that the Qpid daemon (qpidd) did not allow the
> number of
> connections from clients to be restricted. A malicious client could use
> this flaw to open an excessive amount of connections, preventing other
> legitimate clients from establishing a connection to qpidd.
> (CVE-2012-2145)
>
> To address CVE-2012-2145, new qpidd configuration options were
> introduced:
> max-negotiate-time defines the time during which initial protocol
> negotiation must succeed, connection-limit-per-user and
> connection-limit-per-ip can be used to limit the number of connections
> per
> user and client host IP. Refer to the qpidd manual page for additional
> details.
>
> In addition, the qpid-cpp, qpid-qmf, qpid-tools, and python-qpid packages
> have been upgraded to upstream version 0.14, which provides a number
> of bug
> fixes and enhancements over the previous version.
>
> All users of qpid are advised to upgrade to these updated packages, which
> fix these issues and add these enhancements.
>
> For dependency resolution saslwrapper, saslwrapper-devel,
> python-saslwrapper,
> and ruby-saslwrapper have been added to this update
>
> SL6
> x86_64
> python-qpid-qmf-0.14-14.el6_3.x86_64.rpm
> qpid-cpp-client-0.14-22.el6_3.i686.rpm
> qpid-cpp-client-0.14-22.el6_3.x86_64.rpm
> qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm
> qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm
> qpid-cpp-server-0.14-22.el6_3.i686.rpm
> qpid-cpp-server-0.14-22.el6_3.x86_64.rpm
> qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm
> qpid-qmf-0.14-14.el6_3.i686.rpm
> qpid-qmf-0.14-14.el6_3.x86_64.rpm
> ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm
>
> Dependencies:
> python-saslwrapper-0.14-1.el6.x86_64.rpm
> ruby-saslwrapper-0.14-1.el6.x86_64.rpm
> saslwrapper-0.14-1.el6.i686.rpm
> saslwrapper-0.14-1.el6.x86_64.rpm
> saslwrapper-devel-0.14-1.el6.i686.rpm
> saslwrapper-devel-0.14-1.el6.x86_64.rpm
> i386
> python-qpid-qmf-0.14-14.el6_3.i686.rpm
> qpid-cpp-client-0.14-22.el6_3.i686.rpm
> qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm
> qpid-cpp-server-0.14-22.el6_3.i686.rpm
> qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm
> qpid-qmf-0.14-14.el6_3.i686.rpm
> ruby-qpid-qmf-0.14-14.el6_3.i686.rpm
>
> Dependencies:
> python-saslwrapper-0.14-1.el6.i686.rpm
> ruby-saslwrapper-0.14-1.el6.i686.rpm
> saslwrapper-0.14-1.el6.i686.rpm
> saslwrapper-devel-0.14-1.el6.i686.rpm
> noarch
> python-qpid-0.14-11.el6_3.noarch.rpm
> qpid-tools-0.14-6.el6_3.noarch.rpm
>
> - Scientific Linux Development Team
--
Pat Riehecky
Scientific Linux Developer
|
|
|