exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2020-3817-01

Red Hat Security Advisory 2020-3817-01
Posted Sep 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3817-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2020-11113, CVE-2020-14297, CVE-2020-14307, CVE-2020-9488
SHA-256 | c31e8a62adaba2912f29ff3f05dec778352f1114344bfcbd0a5cdb4a27329b11

Red Hat Security Advisory 2020-3817-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: AMQ Clients 2.8.0 Release
Advisory ID: RHSA-2020:3817-01
Product: Red Hat AMQ Clients
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3817
Issue date: 2020-09-23
CVE Names: CVE-2020-9488 CVE-2020-11113 CVE-2020-14297
CVE-2020-14307
====================================================================
1. Summary:

An update is now available for Red Hat AMQ Clients 2.8.0.

Red Hat Product Security has rated this update as having a Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

6Client-AMQ-Clients-2 - i386, noarch, x86_64
6ComputeNode-AMQ-Clients-2 - noarch, x86_64
6Server-AMQ-Clients-2 - i386, noarch, x86_64
6Workstation-AMQ-Clients-2 - i386, noarch, x86_64
7Client-AMQ-Clients-2 - noarch, x86_64
7ComputeNode-AMQ-Clients-2 - noarch, x86_64
7Server-AMQ-Clients-2 - noarch, x86_64
7Workstation-AMQ-Clients-2 - noarch, x86_64
8Base-AMQ-Clients-2 - noarch, x86_64

3. Description:

Red Hat AMQ Clients enable connecting, sending, and receiving messages over
the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.

This update provides various bug fixes and enhancements in addition to the
client package versions previously released on Red Hat Enterprise Linux 6,
7, and 8.

Security Fix(es):

* jackson-databind: Serialization gadgets in
org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)

* wildfly: Some EJB transaction objects may get accumulated causing Denial
of Service (CVE-2020-14297)

* wildfly: EJB SessionOpenInvocations may not be removed properly after a
response is received causing Denial of Service (CVE-2020-14307)

* log4j: improper validation of certificate with host mismatch in SMTP
appender (CVE-2020-9488)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

6. JIRA issues fixed (https://issues.jboss.org/):

ENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6
ENTMQCL-1988 - AMQ Resource Adapter example project does not run
ENTMQCL-2070 - [jms] Log successful reconnects more prominently

7. Package List:

6Client-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm

i386:
python-qpid-proton-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6ComputeNode-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm

noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6Server-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm

i386:
python-qpid-proton-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

6Workstation-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el6_10amq.src.rpm
qpid-proton-0.32.0-1.el6_10.src.rpm

i386:
python-qpid-proton-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-0.32.0-1.el6_10.i686.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-0.32.0-1.el6_10.i686.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.i686.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.i686.rpm

noarch:
python-qpid-proton-docs-0.32.0-1.el6_10.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el6_10amq.noarch.rpm
qpid-proton-c-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-cpp-docs-0.32.0-1.el6_10.noarch.rpm
qpid-proton-tests-0.32.0-1.el6_10.noarch.rpm

x86_64:
python-qpid-proton-0.32.0-1.el6_10.x86_64.rpm
qpid-cpp-client-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el6_10amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el6_10amq.x86_64.rpm
qpid-proton-c-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-c-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-1.el6_10.x86_64.rpm
qpid-proton-debuginfo-0.32.0-1.el6_10.x86_64.rpm

7Client-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el7amq.src.rpm
qpid-proton-0.32.0-2.el7.src.rpm

noarch:
python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64:
python-qpid-proton-0.32.0-2.el7.x86_64.rpm
qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
qpid-proton-c-0.32.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

7ComputeNode-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el7amq.src.rpm
qpid-proton-0.32.0-2.el7.src.rpm

noarch:
python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64:
python-qpid-proton-0.32.0-2.el7.x86_64.rpm
qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
qpid-proton-c-0.32.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

7Server-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el7amq.src.rpm
qpid-proton-0.32.0-2.el7.src.rpm

noarch:
python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64:
python-qpid-proton-0.32.0-2.el7.x86_64.rpm
qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
qpid-proton-c-0.32.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

7Workstation-AMQ-Clients-2:

Source:
qpid-cpp-1.36.0-31.el7amq.src.rpm
qpid-proton-0.32.0-2.el7.src.rpm

noarch:
python-qpid-proton-docs-0.32.0-2.el7.noarch.rpm
qpid-cpp-client-docs-1.36.0-31.el7amq.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el7.noarch.rpm
qpid-proton-tests-0.32.0-2.el7.noarch.rpm

x86_64:
python-qpid-proton-0.32.0-2.el7.x86_64.rpm
qpid-cpp-client-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-client-devel-1.36.0-31.el7amq.x86_64.rpm
qpid-cpp-debuginfo-1.36.0-31.el7amq.x86_64.rpm
qpid-proton-c-0.32.0-2.el7.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el7.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el7.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el7.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el7.x86_64.rpm

8Base-AMQ-Clients-2:

Source:
nodejs-rhea-1.0.24-1.el8.src.rpm
qpid-proton-0.32.0-2.el8.src.rpm

noarch:
nodejs-rhea-1.0.24-1.el8.noarch.rpm
python-qpid-proton-docs-0.32.0-2.el8.noarch.rpm
qpid-proton-c-docs-0.32.0-2.el8.noarch.rpm
qpid-proton-cpp-docs-0.32.0-2.el8.noarch.rpm
qpid-proton-tests-0.32.0-2.el8.noarch.rpm

x86_64:
python3-qpid-proton-0.32.0-2.el8.x86_64.rpm
python3-qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm
qpid-proton-c-0.32.0-2.el8.x86_64.rpm
qpid-proton-c-debuginfo-0.32.0-2.el8.x86_64.rpm
qpid-proton-c-devel-0.32.0-2.el8.x86_64.rpm
qpid-proton-cpp-0.32.0-2.el8.x86_64.rpm
qpid-proton-cpp-debuginfo-0.32.0-2.el8.x86_64.rpm
qpid-proton-cpp-devel-0.32.0-2.el8.x86_64.rpm
qpid-proton-debuginfo-0.32.0-2.el8.x86_64.rpm
qpid-proton-debugsource-0.32.0-2.el8.x86_64.rpm
rubygem-qpid_proton-0.32.0-2.el8.x86_64.rpm
rubygem-qpid_proton-debuginfo-0.32.0-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2020-11113
https://access.redhat.com/security/cve/CVE-2020-14297
https://access.redhat.com/security/cve/CVE-2020-14307
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_amq

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX2sPG9zjgjWX9erEAQiUhQ/+JX8PxKtJxrUU/dq1RKraMhmSIMuYNJ2I
8yiRcXDkXo5Ph4bsUSkPltNNJ+uxZ9yIg/8s/Xao27Y72b1PZ5FPBL0GmtpSYL2G
aDzaPmpFP7KKGoi92lf2FEIcK1NgUyzZteIhegkAhvZtw27/dnlwY3vLfSfXiCPO
RImbUL4lHQ54V5gmWw6rQP1UUtpBnOZSkI5rl0ifIaB9ad0a3n5NxBj2oVuyhCJw
YiEz+K8we9wnTRXy3Dxpa5IHiVAsaAUDY4Pja5OQboOS9OnWniLOJMqLts4vUuQ5
HlDCVvzHZbCxaAquM7mrD63wk5Jq/Tn7OXdx2qe+naqwTj/9giX11nuRLMxLGSCZ
rBsak2dJ3Qa5j/mUEwh55ytao+k3t6OjULHu6m3TYJOZ0C32h98uboNeJBK5Zrko
7qlQaYZ1H3gdnneBRiAf8AwTyRZsMJAG+nlmW+heE2hXwrMyphWR/pWYjC+unJwr
feLE/UWju8qQxaDVp+qPutubatFbV1jIbgYugvMTlefWTO3cRSc7AbGLRpKfo2uN
ICiPKeOkMBupU8ln1P2KaaKO35iai1LXNjAY1q575ChVXgo+um388f1cpj9hqUOU
pR+f1OD1rv631WxKxbNc0Xwprxw8R2ocNuYzYxxnHuanCz9M3Gev+F35klAG6GjZ
JiQCOpBa2fE=BMtP
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close