Bug 1186308 (CVE-2015-0223)
Summary: | CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abaron, anemec, aortega, apevec, bhu, bkearney, cbillett, chrisw, cpelland, dallan, dsirrine, esammons, gkotton, gmollett, iboverma, jmatthew, jose.p.oliveira.oss, jross, katello-bugs, kpalko, lhh, lpeer, markmc, matt, mcressma, messaging-bugs, mmccune, nsantos, ohadlevy, pmoravec, rbryant, rhos-maint, rrajasek, sclewis, tjay, tross, tsanders, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed. | ||
Story Points: | --- | ||
Clone Of: | | Environment: | |
Last Closed: | 2017-08-23 08:53:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1186310, 1186311, 1189391, 1192064, 1193170, 1471929 | ||
Bug Blocks: | 1181723 |
Description
Vasyl Kaigorodov
2015-01-27 11:41:37 UTC
Created qpid-cpp tracking bugs for this issue:
Affects: fedora-all [bug 1186310]
Affects: epel-7 [bug 1186311]

Upstream commits:
https://svn.apache.org/viewvc?view=revision&revision=1653216
https://svn.apache.org/viewvc?view=revision&revision=1653547

This issue has been addressed in the following products:
MRG for RHEL-5 v. 2
Via RHSA-2015:0662 https://rhn.redhat.com/errata/RHSA-2015-0662.html

This issue has been addressed in the following products:
MRG v.2 for RHEL-7
Via RHSA-2015:0660 https://rhn.redhat.com/errata/RHSA-2015-0660.html

This issue has been addressed in the following products:
MRG for RHEL-6 v.2
Via RHSA-2015:0661 https://rhn.redhat.com/errata/RHSA-2015-0661.html

This issue has been addressed in the following products:
MRG for RHEL-6 v.3
Via RHSA-2015:0707 https://rhn.redhat.com/errata/RHSA-2015-0707.html

This issue has been addressed in the following products:
MRG Messaging v.3 for RHEL-7
Via RHSA-2015:0708 https://access.redhat.com/errata/RHSA-2015:0708

Is there a statement of applicability to the qpid-cpp packages in the base RHEL channels outside of MRG?

The qpid-cpp packages in Red Hat Enterprise Linux 6 are deprecated, see bug 1181721 comment 11.

qpid-cpp-0.30-12.el7, qpid-qmf-0.28-27.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

qpid-cpp-0.32-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.