Moderate CentOS qpid Update

Metadata

medium
5.0
CVE-2012-2145
rhn.redhat.com, lists.centos.org
2012-09-19
2017-07-27 19:04
CVE-2012-2145 qpid-cpp
CVE-2012-2145
2017-04-01 19:06
2017-01-05 20:10

Description


Updated qpid packages that fix one security issue, multiple bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Apache Qpid is a reliable, cross-platform, asynchronous messaging system
that supports the Advanced Message Queuing Protocol (AMQP) in several
common programming languages.

It was discovered that the Qpid daemon (qpidd) did not allow the number of
connections from clients to be restricted. A malicious client could use
this flaw to open an excessive number of connections, preventing other
legitimate clients from establishing a connection to qpidd. (CVE-2012-2145)

To address CVE-2012-2145, new qpidd configuration options were introduced:
max-negotiate-time defines the time during which initial protocol
negotiation must succeed; connection-limit-per-user and
connection-limit-per-ip can be used to limit the number of connections per
user and per client host IP. Refer to the qpidd manual page for additional
details.

In addition, the qpid-cpp, qpid-qmf, qpid-tools, and python-qpid packages
have been upgraded to upstream version 0.14, which provides support for Red
Hat Enterprise MRG 2.2, as well as a number of bug fixes and enhancements
over the previous version. (BZ#840053, BZ#840055, BZ#840056, BZ#840058)

All users of qpid are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.


Affected package information

Release  Package                     Patched in
6        python-qpid                 python-qpid-0.14-11.el6_3.noarch.rpm
6        python-qpid                 python-qpid-0.14-11.el6_3.src.rpm
6        python-qpid-qmf             python-qpid-qmf-0.14-14.el6_3.i686.rpm
6        python-qpid-qmf             python-qpid-qmf-0.14-14.el6_3.x86_64.rpm
6        qpid-cpp                    qpid-cpp-0.14-22.el6_3.src.rpm
6        qpid-cpp-client             qpid-cpp-client-0.14-22.el6_3.i686.rpm
6        qpid-cpp-client             qpid-cpp-client-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-client-devel       qpid-cpp-client-devel-0.14-22.el6_3.i686.rpm
6        qpid-cpp-client-devel       qpid-cpp-client-devel-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-client-devel-docs  qpid-cpp-client-devel-docs-0.14-22.el6_3.noarch.rpm
6        qpid-cpp-client-rdma        qpid-cpp-client-rdma-0.14-22.el6_3.i686.rpm
6        qpid-cpp-client-rdma        qpid-cpp-client-rdma-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-client-ssl         qpid-cpp-client-ssl-0.14-22.el6_3.i686.rpm
6        qpid-cpp-client-ssl         qpid-cpp-client-ssl-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-server             qpid-cpp-server-0.14-22.el6_3.i686.rpm
6        qpid-cpp-server             qpid-cpp-server-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-server-cluster     qpid-cpp-server-cluster-0.14-22.el6_3.i686.rpm
6        qpid-cpp-server-cluster     qpid-cpp-server-cluster-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-server-devel       qpid-cpp-server-devel-0.14-22.el6_3.i686.rpm
6        qpid-cpp-server-devel       qpid-cpp-server-devel-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-server-rdma        qpid-cpp-server-rdma-0.14-22.el6_3.i686.rpm
6        qpid-cpp-server-rdma        qpid-cpp-server-rdma-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-server-ssl         qpid-cpp-server-ssl-0.14-22.el6_3.i686.rpm
6        qpid-cpp-server-ssl         qpid-cpp-server-ssl-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-server-store       qpid-cpp-server-store-0.14-22.el6_3.i686.rpm
6        qpid-cpp-server-store       qpid-cpp-server-store-0.14-22.el6_3.x86_64.rpm
6        qpid-cpp-server-xml         qpid-cpp-server-xml-0.14-22.el6_3.i686.rpm
6        qpid-cpp-server-xml         qpid-cpp-server-xml-0.14-22.el6_3.x86_64.rpm
6        qpid-qmf                    qpid-qmf-0.14-14.el6_3.i686.rpm
6        qpid-qmf                    qpid-qmf-0.14-14.el6_3.src.rpm
6        qpid-qmf                    qpid-qmf-0.14-14.el6_3.x86_64.rpm
6        qpid-qmf-devel              qpid-qmf-devel-0.14-14.el6_3.i686.rpm
6        qpid-qmf-devel              qpid-qmf-devel-0.14-14.el6_3.x86_64.rpm
6        qpid-tools                  qpid-tools-0.14-6.el6_3.noarch.rpm
6        qpid-tools                  qpid-tools-0.14-6.el6_3.src.rpm
6        rh-qpid-cpp-tests           rh-qpid-cpp-tests-0.14-22.el6_3.i686.rpm
6        rh-qpid-cpp-tests           rh-qpid-cpp-tests-0.14-22.el6_3.x86_64.rpm
6        ruby-qpid-qmf               ruby-qpid-qmf-0.14-14.el6_3.i686.rpm
6        ruby-qpid-qmf               ruby-qpid-qmf-0.14-14.el6_3.x86_64.rpm
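
An added example (not part of the advisory or of Appcanary's tooling): a Python check that compares installed version-release strings against a subset of the patched builds in the table above, using the classic RPM segment ordering. The values in SAMPLE_INSTALLED are constructed; on a real host they would come from rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'. The function names are this example's own, and epochs and '~'/'^' in versions are assumed absent.

```python
import re

# Patched builds copied from the "Affected package information" table (subset).
PATCHED = [
    "python-qpid-0.14-11.el6_3.noarch.rpm",
    "qpid-cpp-server-0.14-22.el6_3.x86_64.rpm",
    "qpid-qmf-0.14-14.el6_3.x86_64.rpm",
    "qpid-tools-0.14-6.el6_3.noarch.rpm",
]
# Constructed sample of installed packages: {name: "version-release"}.
SAMPLE_INSTALLED = {
    "qpid-cpp-server": "0.12-6.el6",    # older than the fix
    "python-qpid": "0.14-11.el6_3",     # exactly the patched build
    "qpid-tools": "0.14-6.el6_3.1",     # later rebuild of the patched release
}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Classic RPM ordering: compare digit/letter segments left to right."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)             # ignores leading zeros
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_filename(fn):
    """'name-version-release.arch.rpm' -> (name, version, release)."""
    base = fn[:-len(".rpm")].rsplit(".", 1)[0]   # drop '.rpm', then the arch
    name, version, release = base.rsplit("-", 2)
    return name, version, release

def audit(installed):
    """Return the installed package names that are older than the fix."""
    vulnerable = []
    for fn in PATCHED:
        name, pver, prel = split_filename(fn)
        if name in installed:
            iver, irel = installed[name].split("-", 1)
            # Version decides first; release only breaks a version tie.
            if (rpmvercmp(iver, pver) or rpmvercmp(irel, prel)) < 0:
                vulnerable.append(name)
    return sorted(vulnerable)

if __name__ == "__main__":
    print(audit(SAMPLE_INSTALLED))
```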