Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0756

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.68129

Kategorie: Red Hat Local Security Checks

Titel: RedHat Security Advisory RHSA-2010:0756

Zusammenfassung: NOSUMMARY

Beschreibung: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0756.

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT
infrastructure for enterprise computing. MRG Messaging implements the
Advanced Message Queuing Protocol (AMQP) standard, adding persistence
options, kernel optimizations, and operating system services.

A flaw was found in the way SSL connections to the MRG Messaging broker
were handled. A connection (from a user or client application) to the
broker's SSL port would prevent the broker from responding to any other
connections on that port, until the first connection's SSL handshake
completed or failed. A remote user could use this flaw to block connections
from legitimate clients. Note that this issue only affected connections to
the SSL port. The broker does not listen for SSL connections by default.
(CVE-2010-3083)

A flaw was found in the way the MRG Messaging broker handled the receipt of
large persistent messages. If a remote, authenticated user sent a very
large persistent message, the broker could exhaust stack memory, causing
the broker to crash. (CVE-2010-3701)

All Red Hat Enterprise MRG users are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the qpidd service must be restarted (service qpidd restart) for
this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0756.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
4.3

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3083
41710
http://secunia.com/advisories/41710
RHSA-2010:0756
http://www.redhat.com/support/errata/RHSA-2010-0756.html
RHSA-2010:0757
http://www.redhat.com/support/errata/RHSA-2010-0757.html
[oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083)
http://www.openwall.com/lists/oss-security/2010/10/08/1
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch
https://bugzilla.redhat.com/show_bug.cgi?id=632657
Common Vulnerability Exposure (CVE) ID: CVE-2010-3701
https://bugzilla.redhat.com/show_bug.cgi?id=634014
https://bugzilla.redhat.com/show_bug.cgi?id=640006

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.68129
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2010:0756
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2010:0756. Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT infrastructure for enterprise computing. MRG Messaging implements the Advanced Message Queuing Protocol (AMQP) standard, adding persistence options, kernel optimizations, and operating system services. A flaw was found in the way SSL connections to the MRG Messaging broker were handled. A connection (from a user or client application) to the broker's SSL port would prevent the broker from responding to any other connections on that port, until the first connection's SSL handshake completed or failed. A remote user could use this flaw to block connections from legitimate clients. Note that this issue only affected connections to the SSL port. The broker does not listen for SSL connections by default. (CVE-2010-3083) A flaw was found in the way the MRG Messaging broker handled the receipt of large persistent messages. If a remote, authenticated user sent a very large persistent message, the broker could exhaust stack memory, causing the broker to crash. (CVE-2010-3701) All Red Hat Enterprise MRG users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the qpidd service must be restarted (service qpidd restart) for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0756.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.3
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3083 41710 http://secunia.com/advisories/41710 RHSA-2010:0756 http://www.redhat.com/support/errata/RHSA-2010-0756.html RHSA-2010:0757 http://www.redhat.com/support/errata/RHSA-2010-0757.html [oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083) http://www.openwall.com/lists/oss-security/2010/10/08/1 http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch https://bugzilla.redhat.com/show_bug.cgi?id=632657 Common Vulnerability Exposure (CVE) ID: CVE-2010-3701 https://bugzilla.redhat.com/show_bug.cgi?id=634014 https://bugzilla.redhat.com/show_bug.cgi?id=640006
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com