(RHSA-2010:0773) Moderate: Red Hat Enterprise MRG Messaging and Grid Version 1.3

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a realtime IT
infrastructure for enterprise computing. MRG Messaging uses Apache Qpid to
implement the Advanced Message Queuing Protocol (AMQP) standard, adding
persistence options, kernel optimizations, and operating system services.

This update moves Red Hat Enterprise MRG to version 1.3.

A flaw was found in the way Apache Qpid handled the receipt of invalid AMQP
data. A remote user could send invalid AMQP data to the server, causing it
to crash, resulting in the cluster shutting down. (CVE-2009-5005)

A flaw was found in the way Apache Qpid handled a request to redeclare an
existing exchange while adding a new alternate exchange. If a remote,
authenticated user issued such a request, the server would crash, resulting
in the cluster shutting down. (CVE-2009-5006)

This update also adds the following enhancements:

• This update introduces a protocol-independent C++ API. The extra layer of
  indirection will make it easy to support new versions of the AMQP protocol,
  as well as multiple versions simultaneously. (BZ#497747)

• The management component is now capable of working in a cluster.
  (BZ#501015)

• The Messaging Client Python API is now protocol-independent. (BZ#497748)

• This update allows a JMS client to subscribe to the failover exchange to
  retrieve cluster membership information and subsequently to receive
  updates. (BZ#483753)

• With this update, the qpidd service can be run without additional
  authentication options. (BZ#515513)

• This update adds an OpenMPI wrapper script to Condor. It adds support for
  OpenMPI jobs. (BZ#537232)

• The Messaging Client Python API now provides a failover mechanism for
  clustered brokers. (BZ#495718)

• The Python Messaging API now includes support for Simple Authentication
  and Security Layer (SASL), which allows authentication support to be added
  to connection-based protocols. (BZ#548493)

• The qpid-tool is now able to determine which session a queue consumer
  belongs to. (BZ#504325)

• This update handles backward/forward compatibility for QMF and its
  components. (BZ#506698)

• Both Secure Sockets Layer (SSL) and Remote Direct Memory Access (RDMA)
  entries can now appear in the list of known URLs. (BZ#471632)

• This update allows for the scheduler daemon to run without swap.
  (BZ#548090)

• This update introduces a mechanism that specifies the queue size of a
  queue that is setup via the Java API. (BZ#534008)

• Previously, a collector could not be remotely restarted. With this
  update, the restart is possible and works as expected. (BZ#543021)

• The usage information for the qpid-config utility (that is, the output of
  the “qpid-config -h” command) has been updated to include a brief
  explanation of the exchange type. (BZ#506420)

These updated packages include many other bug fixes and enhancements. Users
are directed to the Red Hat Enterprise MRG 1.3 Technical Notes for
information on these changes:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/index.html

All Red Hat Enterprise MRG users are advised to upgrade to these updated
packages, which resolve these issues and add these enhancements, as well as
resolving the issues and adding the enhancements noted in the Red Hat
Enterprise MRG 1.3 Technical Notes. After installing the updated packages,
the qpidd service must be restarted (“service qpidd restart”) for this
update to take effect.