Bug 1186302 (CVE-2015-0224)
Summary: | CVE-2015-0224 qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix) | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | abaron, aortega, apevec, bhu, bkearney, cbillett, chrisw, cpelland, dallan, dsirrine, esammons, gkotton, gmollett, iboverma, jmatthew, jose.p.oliveira.oss, jross, jrusnack, katello-bugs, kpalko, lhh, lpeer, markmc, matt, mcressma, messaging-bugs, mmccune, nsantos, ohadlevy, rbryant, rhos-maint, rrajasek, sclewis, tjay, tross, tsanders, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2017-08-23 08:53:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1186304, 1186305, 1189392, 1192064, 1193170, 1471928 | | |
Bug Blocks: | 1181723 | | |
Description
Vasyl Kaigorodov
2015-01-27 11:34:43 UTC
Created qpid-cpp tracking bugs for this issue:
Affects: fedora-all [bug 1186304]

Created qpid-cpp tracking bugs for this issue:
Affects: epel-7 [bug 1186305]

Upstream advisory from which comment 0 quotes:
http://seclists.org/bugtraq/2015/Jan/121

This issue is related to previously announced CVE-2015-0203, see bug 1181721 comment 3.

Upstream bug and commit:
https://issues.apache.org/jira/browse/QPID-6310
https://svn.apache.org/viewvc?view=revision&revision=1654365

This issue has been addressed in the following products:
MRG for RHEL-5 v. 2
Via RHSA-2015:0662 https://rhn.redhat.com/errata/RHSA-2015-0662.html

This issue has been addressed in the following products:
MRG v.2 for RHEL-7
Via RHSA-2015:0660 https://rhn.redhat.com/errata/RHSA-2015-0660.html

This issue has been addressed in the following products:
MRG for RHEL-6 v.2
Via RHSA-2015:0661 https://rhn.redhat.com/errata/RHSA-2015-0661.html

This issue has been addressed in the following products:
MRG for RHEL-6 v.3
Via RHSA-2015:0707 https://rhn.redhat.com/errata/RHSA-2015-0707.html

This issue has been addressed in the following products:
MRG Messaging v.3 for RHEL-7
Via RHSA-2015:0708 https://access.redhat.com/errata/RHSA-2015:0708

Is there a statement of applicability to the qpid-cpp packages in the base RHEL channels outside of MRG?

The qpid-cpp packages in Red Hat Enterprise Linux 6 are deprecated, see bug 1181721 comment 11.