[RHSA-2012:0477-01] Moderate: Red Hat Enterprise MRG Management Console security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Enterprise MRG Management Console security update
Advisory ID: RHSA-2012:0477-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0477.html
Issue date: 2012-04-12
CVE Names: CVE-2012-1575
=====================================================================

1. Summary:

An updated MRG Management Console package that fixes several security
issues is now available for Red Hat Enterprise MRG 2 for Red Hat
Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

MRG Grid for RHEL 6 Server v.2 - noarch
MRG Management for RHEL 6 Server v.2 - noarch

3. Description:

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

Several cross-site scripting (XSS) flaws were found in the MRG Management
Console (Cumin). An authorized user on the local network could use these
flaws to perform cross-site scripting attacks against MRG Management
Console users. Note: Refer to the MRG Messaging User Guide for information
on configuring authentication and authorization in the MRG Messaging
broker. (CVE-2012-1575)

Users of Red Hat Enterprise MRG Management Console are advised to upgrade
to this updated package, which corrects these issues. The MRG Management
Console must be restarted ("service cumin restart") for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

805712 - CVE-2012-1575 cumin: multiple XSS flaws

6. Package List:

MRG Grid for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5192-5.el6.src.rpm

noarch:
cumin-0.1.5192-5.el6.noarch.rpm

MRG Management for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/cumin-0.1.5192-5.el6.src.rpm

noarch:
cumin-0.1.5192-5.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1575.html
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/docs/en-US/index.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPhwWWXlSAg2UNWIIRAmJuAKCPwJ8b+Vgux4L3oF5vsGXo9B0L1wCghqmJ
9aFT9+Oxgy2xytiEgkYlZto=
=0WdP
-----END PGP SIGNATURE-----

 

 
