Moderate: Red Hat Enterprise MRG Messaging and Grid Version 1.3

Synopsis

Moderate: Red Hat Enterprise MRG Messaging and Grid Version 1.3

Type/Severity

Security Advisory: Moderate

Topic

Updated packages that fix two security issues, several bugs, and add
multiple enhancements are now available as part of the ongoing support and
maintenance of Red Hat Enterprise MRG Messaging and Grid for Red Hat
Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a realtime IT
infrastructure for enterprise computing. MRG Messaging uses Apache Qpid to
implement the Advanced Message Queuing Protocol (AMQP) standard, adding
persistence options, kernel optimizations, and operating system services.

This update moves Red Hat Enterprise MRG to version 1.3.

A flaw was found in the way Apache Qpid handled the receipt of invalid AMQP
data. A remote user could send invalid AMQP data to the server, causing it
to crash, resulting in the cluster shutting down. (CVE-2009-5005)

A flaw was found in the way Apache Qpid handled a request to redeclare an
existing exchange while adding a new alternate exchange. If a remote,
authenticated user issued such a request, the server would crash, resulting
in the cluster shutting down. (CVE-2009-5006)

This update also adds the following enhancements:

• This update introduces a protocol-independent C++ API. The extra layer of
  indirection will make it easy to support new versions of the AMQP protocol,
  as well as multiple versions simultaneously. (BZ#497747)
  
• The management component is now capable of working in a cluster.
  (BZ#501015)
  
• The Messaging Client Python API is now protocol-independent. (BZ#497748)
  
• This update allows a JMS client to subscribe to the failover exchange to
  retrieve cluster membership information and subsequently to receive
  updates. (BZ#483753)
  
• With this update, the qpidd service can be run without additional
  authentication options. (BZ#515513)
  
• This update adds an OpenMPI wrapper script to Condor. It adds support for
  OpenMPI jobs. (BZ#537232)
  
• The Messaging Client Python API now provides a failover mechanism for
  clustered brokers. (BZ#495718)
  
• The Python Messaging API now includes support for Simple Authentication
  and Security Layer (SASL), which allows authentication support to be added
  to connection-based protocols. (BZ#548493)
  
• The qpid-tool is now able to determine which session a queue consumer
  belongs to. (BZ#504325)
  
• This update handles backward/forward compatibility for QMF and its
  components. (BZ#506698)
  
• Both Secure Sockets Layer (SSL) and Remote Direct Memory Access (RDMA)
  entries can now appear in the list of known URLs. (BZ#471632)
  
• This update allows for the scheduler daemon to run without swap.
  (BZ#548090)
  
• This update introduces a mechanism that specifies the queue size of a
  queue that is setup via the Java API. (BZ#534008)
  
• Previously, a collector could not be remotely restarted. With this
  update, the restart is possible and works as expected. (BZ#543021)
  
• The usage information for the qpid-config utility (that is, the output of
  the "qpid-config -h" command) has been updated to include a brief
  explanation of the exchange type. (BZ#506420)
  

These updated packages include many other bug fixes and enhancements. Users
are directed to the Red Hat Enterprise MRG 1.3 Technical Notes for
information on these changes:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/index.html

All Red Hat Enterprise MRG users are advised to upgrade to these updated
packages, which resolve these issues and add these enhancements, as well as
resolving the issues and adding the enhancements noted in the Red Hat
Enterprise MRG 1.3 Technical Notes. After installing the updated packages,
the qpidd service must be restarted ("service qpidd restart") for this
update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• MRG Realtime 1 x86_64
• MRG Realtime 1 i386
• Red Hat Enterprise MRG Messaging 1 x86_64
• Red Hat Enterprise MRG Messaging 1 i386
• MRG Grid 1 x86_64
• MRG Grid 1 i386
• MRG Grid Execute 1 x86_64
• MRG Grid Execute 1 i386
• MRG Management 1 x86_64
• MRG Management 1 i386

Fixes

• BZ - 498056 - SASL/GSSAPI - Connection hangs when GSSAPI context expires
• BZ - 498247 - CLI utilities display Python back-traces in some error cases
• BZ - 500712 - QMF queries to the broker may return records for deleted objects
• BZ - 500779 - Feature: Provide access to the Connection a Session corresponds to
• BZ - 501015 - Management and cluster do not work together.
• BZ - 501305 - Cluster node gets stuck as updatee and 'hangs' cluster
• BZ - 501749 - If an XML exchange is declared durable, the broker crashes on recovery
• BZ - 504000 - qpid-config's altern-ex option doesn't work
• BZ - 504325 - Enhancement: it should be possible to determine through qpid-tool which sessions a queues consumers belong to
• BZ - 504691 - alternate-exchange proprty of exchange and queue are not persisted
• BZ - 505287 - Messages with no content that 'flow to disk' result in protocol errors on delivery
• BZ - 505314 - qpid-tool crashes down after input wrong command list query
• BZ - 505923 - dedicated scheduler may be inappropriately reusing claims
• BZ - 506420 - qpid-config -h does not explain exchange type
• BZ - 506553 - sesame - memory bloat over time
• BZ - 506556 - c++ client may not timeout accurately where multiple connections exist in the process
• BZ - 506698 - Handle backward/forward compatibility for QMF
• BZ - 507363 - clustered qpidd fails to start - gather loop causes openais_dispatch_recv() to block
• BZ - 507413 - Broker with single IO thread gets stuck looping if it runs out of file handles
• BZ - 507421 - Cluster flow control does not appear to be working properly.
• BZ - 507538 - method exchange_declare is missing in ruby qpid session class
• BZ - 507586 - qpid-config ends with failure
• BZ - 508137 - C++ QMF agent not connecting to broker under valgrind
• BZ - 508144 - A broker stopped and restarted does not remember 'redelivered' status correctly
• BZ - 508675 - Unresponsive qpidd process hangs the cluster
• BZ - 508959 - Attempt to propagate binding info over dynamic link can crash broker if link is concurrently destroyed
• BZ - 509395 - The JMS Client does not default to the correct priority as specified in the spec
• BZ - 509437 - Failure in failover_soak
• BZ - 509449 - JMS client releases messages in an unpredictable order on recover
• BZ - 509454 - [RFE] Add validation for the '--cluster-url' qpidd option
• BZ - 509800 - If journal capacity is exceeded as a result of cluster-durable mode being invoked, last man standing exits
• BZ - 554980 - [qpidd+store] broker rarely aborts when stressed by perftest
• BZ - 555716 - [qpidd+store] broker rarely segfaults when stressed by perftest
• BZ - 556351 - clustered qpidd - durable exchanges do not survive cluster restart.
• BZ - 557159 - Queue-Purge does not send messages to alternate-exchange
• BZ - 557896 - The ttl of messages is not adjusted when forwarding on to other brokers in a federation.
• BZ - 558526 - clustered qpidd shutdowns during start-up with 'Authentication failed: SASL(-1): generic failure: Unable to find a callback: 32775'
• BZ - 558864 - JMS_QPID_DESTTYPE is not set making getJMSDestination unusable.
• BZ - 558968 - initscript lsb compliance
• BZ - 559014 - clustered qpid: durable exchange state not replicated to broker joining cluster
• BZ - 559071 - VM_MEMORY handled inconsistently between Startd and VMGahp
• BZ - 559625 - Segfault if FailoverManager is closed before being opened.
• BZ - 560005 - Broker options "--auth" and "--require-encryption" can fail when used with SSL/TLS
• BZ - 561955 - PREPARE hook invoked as condor, not as user. cannot access $PWD.
• BZ - 561958 - PREPARE hook invocation failure does not abort job execution
• BZ - 565618 - condor_submit fsync()s UserLog for each job
• BZ - 566825 - Grid with no slots throws exception in MRG Management Console
• BZ - 568502 - Collector should advertise itself immediately
• BZ - 568661 - JMS client does not verify that the hostname connected to matches that specified in the servers certificate
• BZ - 568718 - Is acl reload safe to use?
• BZ - 568838 - Dynamic federation duplicates messages
• BZ - 568863 - Dynamic federation tears links down incorrectly
• BZ - 570756 - DtxSetTimeout sent after XID has already been committed
• BZ - 572574 - Error reported from execute node incomplete for IWD access failure
• BZ - 572668 - Potential shadow/schedd protocol error
• BZ - 575147 - condor_master can't start additional schedd's without a restart
• BZ - 575150 - Need to be able to configure maximum cluster id
• BZ - 575177 - Messages set with a TTL expire immediately when sent on qpid queues with LVQ ordering
• BZ - 575748 - broker exits with "critical Broker start-up failed: St9bad_alloc" when ran with --worker-threads 0|-1
• BZ - 575777 - scheduler universe jobs can start during schedd shutdown
• BZ - 575784 - improper RELEASE_CLAIM after REQUEST_CLAIM rejection
• BZ - 576693 - qpid-cluster -d does not close the client connection
• BZ - 578216 - condor_schedd reuses claims to partitioned slots inappropriately
• BZ - 578600 - Dyanamic Slot INVALIDATE_STARTD_ADS causes collector pegging
• BZ - 579681 - Topic exchange duplicates messages
• BZ - 582366 - When reloading a large acl file , the broker core dumps
• BZ - 583131 - Fix Java Client logging
• BZ - 583526 - Management methods disallowed in Clusters must be re-enabled
• BZ - 584089 - ACL module core dumps if management is disabled
• BZ - 591292 - MRG-M Heartbeat causes core
• BZ - 509892 - byte credit calculation inconsistent for messages transfered to new joiner
• BZ - 510241 - clustered qpidd crash in qpid::sys::Poller::run()
• BZ - 510475 - clustered qpidd startup - abort because of unhandled exception
• BZ - 510583 - Unhandled exception when running qpid-cluster against a standalone broker.
• BZ - 510747 - Out of Bounds exception when sending large QMF response
• BZ - 511066 - Replication exchange type should record the usual management stats
• BZ - 511292 - Unexpected connection shows up for qpid-stat -c
• BZ - 513426 - string to double conversion results in questionable precision
• BZ - 513641 - qpid-config gives error "Failed: ()" when creating persistent queue
• BZ - 514054 - [store] Journal can fill under some conditions, and recover from full condition not possible
• BZ - 514751 - QMF agent logging to file, no stdout
• BZ - 515513 - Make cluster update work out of the box without special authentication options
• BZ - 517836 - exclusive parameter ignored in JMS url binding, if durable attribute is present
• BZ - 518291 - Python management tools must handle SystemExit exception properly
• BZ - 518394 - Creating durable and cluster-durable queue which has bad --file-count and/or --file-size parameter causes an exception only for first time
• BZ - 518872 - [FEATURE] exchange flag auto-delete is not recognizable
• BZ - 519183 - Matchmaker code doesn't implement fair share correctly
• BZ - 519476 - Invalid accept data sent by Java client after failover.
• BZ - 519505 - Broker strips domain from userID, causes mismatch on GSSAPI id checking
• BZ - 520600 - Intermittent leak in client library, connector thread not joined.
• BZ - 522267 - Windows: Qpid C++ pid_t and ssize_t 3rd-party compat
• BZ - 526299 - the clustered broker seems to sometimes not send a close-ok before shutting down the socket
• BZ - 526680 - Exchanges named "amq." are declarable, but amqp spec
• BZ - 527233 - shadow process bloat
• BZ - 529670 - qpid-config - inappropriate error message if trying to authenticate with non-existing user
• BZ - 530594 - restart of libvirtd causes condor_vm-gahp to hang.
• BZ - 531561 - alternate exchange not visible on a queue via QMF
• BZ - 531833 - FailoverExchangeMethod getNextBrokerDetails() loops infinitely after a total cluster failure or if the inital connect node is down
• BZ - 531837 - Java client should set the process ID in the client properties during Connection open
• BZ - 531842 - When kerberos auth is used, Java client should use the kerberos user_id & domain when setting the user_id in messages
• BZ - 533045 - Feature Request: support for SASL EXTERNAL with TLS/SSL
• BZ - 533173 - --max-connectoins has no effect
• BZ - 534008 - Need mechanism to specify the queue size of a queue that is setup via the Java API.
• BZ - 537232 - PU: need OpenMPI wrapper script
• BZ - 537481 - qpid-stat needs option to link sesion to queue via subscription object
• BZ - 538188 - connection.start() hangs if connection is not accepted
• BZ - 540545 - WANT_SUSPEND evaluating to UNDEFIEND causes condor_startd exception
• BZ - 541927 - Persistent cluster problems after reboot -f
• BZ - 543021 - Unable to restart collector with condor_restart on remote node
• BZ - 543524 - Cluster with --cluster-size should not hold up init scripts.
• BZ - 543560 - VM Universe libvirt script issues
• BZ - 544092 - message store should not delete backups when qpidd starts
• BZ - 544306 - clustered broker does not retry CPG calls that return TRY_AGAIN
• BZ - 545436 - Cluster node shutsdown with inconsistent error
• BZ - 546736 - Schedd performs unnecessary file operations on SPOOL, targeting mpp.X.Y files
• BZ - 546770 - condor_schedd performance, job removal fsync for each job
• BZ - 547295 - qpid-stat -b threading exception during shutdown 'exceptions.TypeError: 'NoneType' object is not callable'
• BZ - 547397 - Compile with -O2
• BZ - 547769 - clustered qpidd: qpid-cluster/qpid-stat -b reports different widths on different nodes while replication is working well on all nodes
• BZ - 548090 - RESERVED_SWAP doesn't default to 0 as stated in docs
• BZ - 548137 - TIMEOUT_MULTIPLIER only available in <SUBSYS>_ form
• BZ - 548493 - SASL support missing for Python messaging API
• BZ - 549389 - condor_master -pidfile will stomp pidfile of running master
• BZ - 549432 - Parallel Universe jobs require job spool directory
• BZ - 549443 - qpid-config cannot create bindings for the XML or Headers exchange types
• BZ - 549956 - Clustered broker crashes with inconsistency error
• BZ - 552330 - qpid-config from trunk causes exception in broker
• BZ - 552407 - classad debug() function doesn't work with IfThenElse
• BZ - 445749 - [python client] kerberos based authentication
• BZ - 452546 - No way to determine if session/connection is established
• BZ - 455318 - A tx commit fails without a proper error message when a queue runs out of capacity
• BZ - 456482 - submit -spool and transfer_executable = false
• BZ - 458344 - Messages are not released on rollback
• BZ - 462461 - Clustering broker fail-over must replicate federation links
• BZ - 469919 - qpidd init script over-rides user option settings.
• BZ - 470080 - Cluster integration with security.
• BZ - 471054 - focus linking of gsoap, X11 and pq into daemons and tools
• BZ - 471286 - Grid Statistics Job Activity Graphics doesn't update correctly
• BZ - 471315 - Grid, Parse error on Hold a job reason entry.
• BZ - 471326 - Grid: It appears that the default for jobs is to show up as held in the boxed graphic
• BZ - 471632 - Add support for SSL/RDMA URLs in cluster's know urls list
• BZ - 479031 - Cluster member can't be added while management session open
• BZ - 479326 - cluster broker crashes with race condition in DispatchHandle
• BZ - 482944 - Management messages can get staged - which breaks management
• BZ - 483666 - Dynamic Slots and STARTD_JOB_EXPRS, invalid attribute name
• BZ - 483753 - Add failover exchange support for the java client
• BZ - 484048 - qpidd+store flush() failed: jexception 0x0106 slock::slo ck() threw JERR__PTHREAD: pthread failure. (pthread_mutex_lock failed: errno=22 (Invalid argument)) (MessageStoreImpl.cpp:1331)
• BZ - 485091 - "Unknown Publisher" when installing Windows grid client
• BZ - 485429 - qpidd stopped by critical Broker start-up failed: Cannot lock ... Resource temporarily unavailable
• BZ - 486595 - condor_configuration_node input validation
• BZ - 486779 - [RFE] configurable sesame publish rate (sesame publishing too often)
• BZ - 487023 - UID&FILESYSTEM_DOMAIN mis-configuration causing unintended side-effects
• BZ - 488942 - c++ client aborts when session and connection not closed
• BZ - 489315 - perftest shutdown seems to be not clean 'Error in shutdown: Connection closed'
• BZ - 489537 - Cluster - Bogus(?) messages in log file when a new broker joins a cluster
• BZ - 489540 - Memory leak in SASL client code.
• BZ - 490170 - qpidd init script does not implement condrestart though the rpm has a script to call it
• BZ - 490855 - clustered qpidd segfaults in qpid::broker::Exchange::propagateFedOp
• BZ - 491203 - "Timed out waiting for daemon" if recovery from journal takes a long time
• BZ - 491305 - clustered qpidd - replicating non-acked messages is not made visible for managent tools qpid-tool/cumin
• BZ - 491313 - Subscribing sessions should be terminated with exception if the queue they are subscribed to is deleted
• BZ - 492334 - qpidd+store startup crash in mrg::msgstore::MessageStoreImpl::init()
• BZ - 493710 - condor_configure_node: delete not inverse of add
• BZ - 494393 - First two nodes join 'simultaneously'; no node can reach the 'ready' state.
• BZ - 494399 - Bindings from durable queues to the default exchange are not shown after restore
• BZ - 494651 - sesame README points to old apache SVN location
• BZ - 495718 - Python client needs to have failover for clustering
• BZ - 497747 - Feature: Protocol independent API for c++
• BZ - 497748 - Feature: Protocol independent API for python
• BZ - 592861 - Recovered messages larger than 65523 bytes result in framing violation
• BZ - 597362 - Sporadic failure of check-long in cluster_tests.py test_failover
• BZ - 601828 - QMF Agent returning STATUS_USER returns error 7 to QMF Console
• BZ - 603201 - condor-7.4.3-0.17.el5 postuninstall uses invalid init script option
• BZ - 603839 - Concurrent tagging of message with trace id while message is delivered from another queue causes segfault
• BZ - 605311 - condor_schedd double free on SOAP transaction timeout
• BZ - 606824 - Acquired but Not Accepted Messages Not Sent to Alterntate Exchange
• BZ - 614993 - Using Memory or RequestMemory in job requirements drops both default RequestMemory and Memory requirements
• BZ - 615313 - condor_chirp fails when querying the value of a non-existing attribute
• BZ - 615492 - starter hooks, HOOK_UPDATE_JOB_INFO and HOOK_JOB_EXIT not run as job owner
• BZ - 615504 - condor_chirp relies on getenv("_CONDOR_SCRATCH_DIR")
• BZ - 615510 - Job hooks environment does not contain _CONDOR_SCRATCH_DIR and the like
• BZ - 615633 - condor_chirp get_job_attr can return garbage
• BZ - 617709 - fix hfs accountant stats
• BZ - 619552 - negotiator hfs incorrect remaining and infinite loop
• BZ - 621902 - Permissions not set correctly on key pair file
• BZ - 623684 - condor_userlog core dumps when unable to open log file r/o
• BZ - 625205 - shadows create a spool directory per job
• BZ - 628034 - negotiator core on quota_dynamic =0
• BZ - 628086 - GROUP_DYNAMIC_MACH_CONSTRAINT unused with HFS
• BZ - 642373 - CVE-2009-5005 qpid: crash on receipt of invalid AMQP data
• BZ - 642377 - CVE-2009-5006 qpid: crash when redeclaring the exchange with specified alternate_exchange

CVEs

• CVE-2009-5006
• CVE-2009-5005

References

• http://www.redhat.com/security/updates/classification/#moderate
• http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1/html/Technical_Notes/index.html