Bug 642373 (CVE-2009-5005) - CVE-2009-5005 qpid: crash on receipt of invalid AMQP data
Summary: CVE-2009-5005 qpid: crash on receipt of invalid AMQP data
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-5005
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 506580
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-10-12 17:53 UTC by Vincent Danen
Modified: 2019-09-29 12:39 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-05-09 14:50:59 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0773 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise MRG Messaging and Grid Version 1.3 2010-10-14 15:56:44 UTC
Red Hat Product Errata RHSA-2010:0774 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise MRG Messaging and Grid Version 1.3 2010-10-14 16:21:24 UTC

Description Vincent Danen 2010-10-12 17:53:10 UTC 
It was reported [1] that Apache QPID would crash when receiving data from a client that is not valid AMQP data, resulting in a shut down of the cluster rather than the client being disconnected.  This was corrected upstream by r785788 [2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=506580
[2] http://svn.apache.org/viewvc?revision=785788&view=revision
Comment 2 errata-xmlrpc 2010-10-14 15:57:09 UTC 
This issue has been addressed in following products:

  MRG for RHEL-5

Via RHSA-2010:0773 https://rhn.redhat.com/errata/RHSA-2010-0773.html
Comment 3 errata-xmlrpc 2010-10-14 16:21:34 UTC 
This issue has been addressed in following products:

  Grid for MRG on RHEL-4
  Messaging for MRG on RHEL-4
  Grid Execute Node for MRG on RHEL-4
  Messaging Base for MRG on RHEL-4

Via RHSA-2010:0774 https://rhn.redhat.com/errata/RHSA-2010-0774.html
Note You need to log in before you can comment on or make changes to this bug.