RHEL 5 : Red Hat Enterprise MRG Messaging 2.2 update (Moderate) (RHSA-2012:1277)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1277 advisory. - qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS CVE-2012-2145 - qpid-cpp-server-cluster: unauthoriz...

Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging 2.2 update

Updated Messaging component packages that fix two security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.2 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common...

CVE-2012-3467

The CVE-2012-3467 issue affects Apache Qpid (qpidd) before the fixed updates, where the NullAuthenticator used for catch-up shadow connections allowed remote authentication bypass. Affected: Qpid components handling AMQP broker clustering (qpidd, and related messaging cluster setup). Root cause: ...

Apache QPID NullAuthenticator验证绕过漏洞

Bugtraq ID:54954 CVE ID:CVE-2012-3467 Apache Qpid Open Source AMQP Messaging是一个跨平台的企业通讯解决方案，实现了高级消息队列协议。 Apache Qpid C++库实现存在安全缺陷，允许在影子链接shadow connections中使用NullAuthenticator机制进行验证，导致AMQP客户端应用绕过验证访问broker。 0 bitcoind/Bitcoin-Qt 0.3.11之前版本 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息：...