ALT-PU-2016-3246-1
Package qpid-proton updated to version 0.14.0-alt1 for branch sisyphus in task 169029.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-2166
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
- FEDORA-2016-e6e8436b98
- FEDORA-2016-e6e8436b98
- http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html
- http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html
- http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html
- http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html
- 20160323 CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported
- 20160323 CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported
- https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585
- https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585
- https://issues.apache.org/jira/browse/PROTON-1157
- https://issues.apache.org/jira/browse/PROTON-1157
- [qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223
- [qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223
Modified: 2024-11-21
CVE-2016-4467
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
- [oss-security] 20160715 [SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows
- [oss-security] 20160715 [SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows
- 91788
- 91788
- 1036316
- 1036316
- [qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223
- [qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223