python, qpid, rh, ruby security update

CentOS Errata and Security Advisory CESA-2012:1269

Apache Qpid is a reliable, cross-platform, asynchronous messaging system
that supports the Advanced Message Queuing Protocol (AMQP) in several
common programming languages.

It was discovered that the Qpid daemon (qpidd) did not allow the number of
connections from clients to be restricted. A malicious client could use
this flaw to open an excessive amount of connections, preventing other
legitimate clients from establishing a connection to qpidd. (CVE-2012-2145)

To address CVE-2012-2145, new qpidd configuration options were introduced:
max-negotiate-time defines the time during which initial protocol
negotiation must succeed, connection-limit-per-user and
connection-limit-per-ip can be used to limit the number of connections per
user and client host IP. Refer to the qpidd manual page for additional
details.

In addition, the qpid-cpp, qpid-qmf, qpid-tools, and python-qpid packages
have been upgraded to upstream version 0.14, which provides support for Red
Hat Enterprise MRG 2.2, as well as a number of bug fixes and enhancements
over the previous version. (BZ#840053, BZ#840055, BZ#840056, BZ#840058)

All users of qpid are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-September/081057.html

Affected packages:
python-qpid
python-qpid-qmf
qpid-cpp-client
qpid-cpp-client-devel
qpid-cpp-client-devel-docs
qpid-cpp-client-rdma
qpid-cpp-client-ssl
qpid-cpp-server
qpid-cpp-server-cluster
qpid-cpp-server-devel
qpid-cpp-server-rdma
qpid-cpp-server-ssl
qpid-cpp-server-store
qpid-cpp-server-xml
qpid-qmf
qpid-qmf-devel
qpid-tools
rh-qpid-cpp-tests
ruby-qpid-qmf

Upstream details at:
https://access.redhat.com/errata/RHSA-2012:1269