4 - RHSA-2019:0886

Executive Summary

Summary
Title	AMQ Clients 2.3.1 release and security update

Informations
Name	RHSA-2019:0886	First vendor Publication	2019-04-25
Vendor	RedHat	Last vendor Modification	2019-04-25
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Cvss Base Score	4	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	High
Cvss Expoit Score	4.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated Red Hat AMQ Clients 2.3.1 packages are now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

6Client-AMQ-Clients-2 - i386, noarch, x86_64 6ComputeNode-AMQ-Clients-2 - noarch, x86_64 6Server-AMQ-Clients-2 - i386, noarch, x86_64 6Workstation-AMQ-Clients-2 - i386, noarch, x86_64 7Client-AMQ-Clients-2 - noarch, x86_64 7ComputeNode-AMQ-Clients-2 - noarch, x86_64 7Server-AMQ-Clients-2 - noarch, x86_64 7Workstation-AMQ-Clients-2 - noarch, x86_64

3. Description:

Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.

This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6 and 7.

Security Fix(es):

* qpid-proton: TLS Man in the Middle Vulnerability (CVE-2019-0223)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1702439 - CVE-2019-0223 qpid-proton: TLS Man in the Middle Vulnerability

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-0886.html

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Qpid cpe:2.3:a:apache:qpid:0.9:::::::* cpe:2.3:a:apache:qpid:0.8:::::::* cpe:2.3:a:apache:qpid:0.7:::::::* cpe:2.3:a:apache:qpid:0.6:::::::* cpe:2.3:a:apache:qpid:0.5:::::::* cpe:2.3:a:apache:qpid:0.19:::::::* cpe:2.3:a:apache:qpid:0.18:::::::* cpe:2.3:a:apache:qpid:0.17:::::::* cpe:2.3:a:apache:qpid:0.16:::::::* cpe:2.3:a:apache:qpid:0.15:::::::* cpe:2.3:a:apache:qpid:0.14:::::::* cpe:2.3:a:apache:qpid:0.13:::::::* cpe:2.3:a:apache:qpid:0.12:::::::* cpe:2.3:a:apache:qpid:0.11:::::::* cpe:2.3:a:apache:qpid:0.10:::::::*	15
Application	Redhat Openstack cpe:2.3:a:redhat:openstack:14:::::::* cpe:2.3:a:redhat:openstack:13:::::::*	2
Application	Redhat Satellite cpe:2.3:a:redhat:satellite:6.5:-:::::: cpe:2.3:a:redhat:satellite:6.4:-:::::: cpe:2.3:a:redhat:satellite:6.3:-::::::	3
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	2
Os	Redhat Enterprise Linux Eus cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*	6
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	2
Os	Redhat Enterprise Linux Server Aus cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:::::::*	8
Os	Redhat Enterprise Linux Server Tus cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*	4
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*	2

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-03-19 13:18:11	First insertion

4 - RHSA-2019:0886

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CPE : Common Platform Enumeration

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU

	Related
7.4	CVE-2019-0223
Info : listing not affected by your CVSS Env Score