Chapter 3. Changes in 3.0.1

3.1. Errata

3.1.1. RHBA-2014:1952 – Red Hat Enterprise MRG Messaging 3.0 Release

These updated packages for Red Hat Enterprise Linux 6 include a number of bug fixes for the Messaging component of MRG.
It was discovered that when two journals concurrently requested a new journal file from an empty EFP, the Broker could segfault. With this fix, popEmptyFile performs an _atomic_ test-and-create-and-grab for the EFP file, which prevents the segfault from occurring. See BZ#1150397 for more information.
A vulnerability was discovered in the SSLv2 and SSLv3 protocols, which is commonly referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption). This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. POODLE affects older encryption standards, specifically Secure Sockets Layer (SSL) versions 2 and 3. It does not affect the newer encryption mechanism known as Transport Layer Security (TLS). As such, these updated packages implement the recommended action of disabling SSLv2 and SSLv3 in the C++ broker (qpid-cpp) (BZ#1153763), Windows C++ client (qpid-qmf) (BZ#1153775), and Java client (qpid-java) (BZ#1153779).
Users of the Messaging capabilities of Red Hat Enterprise MRG 3.0, which is layered on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.
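To confirm the SSLv2/SSLv3 change described above after upgrading, an operator can classify the first bytes a server returns during a handshake and flag endpoints that still select a legacy protocol. The following is an added example, not code from Red Hat or the Qpid project; the endpoint names and reply bytes are constructed samples.

```python
# Wire versions (major, minor) carried in a ServerHello.
VERSION_NAMES = {
    (3, 0): "SSLv3",
    (3, 1): "TLSv1.0",
    (3, 2): "TLSv1.1",
    (3, 3): "TLSv1.2",  # TLS 1.3 also sends 3,3 here as its legacy version
}
LEGACY = {"SSLv2", "SSLv3"}


def negotiated_version(reply: bytes) -> str:
    """Classify the first bytes a server returns during a handshake."""
    if len(reply) < 7:
        raise ValueError("reply too short to classify")
    # SSLv2: 2-byte record header with the high bit set, message type 4 = SERVER-HELLO.
    if reply[0] & 0x80 and reply[2] == 0x04:
        return "SSLv2"
    # Record type 0x15 is an alert: the server refused the offered protocol.
    if reply[0] == 0x15:
        return f"alert({reply[6]})"
    # Record type 0x16 = handshake, handshake type 0x02 = ServerHello.
    if reply[0] != 0x16 or len(reply) < 11 or reply[5] != 0x02:
        raise ValueError("not a ServerHello record")
    major, minor = reply[9], reply[10]
    return VERSION_NAMES.get((major, minor), f"unknown({major}.{minor})")


def legacy_endpoints(replies: dict) -> list:
    """Return the endpoints whose reply selected SSLv2 or SSLv3, sorted by name."""
    return sorted(ep for ep, raw in replies.items() if negotiated_version(raw) in LEGACY)


def _server_hello(major: int, minor: int) -> bytes:
    """Build a minimal SSLv3/TLS ServerHello record (constructed test data)."""
    body = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return bytes([0x16, major, minor]) + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample replies; the endpoint names are placeholders.
SAMPLE_REPLIES = {
    "broker-old.example:5671": _server_hello(3, 0),
    "broker-patched.example:5671": _server_hello(3, 1),
    "broker-refuses.example:5671": b"\x15\x03\x00\x00\x02\x02\x28",
    "broker-ancient.example:5671": b"\x80\x0b\x04\x00\x01\x00\x02" + bytes(6),
}

if __name__ == "__main__":
    for endpoint, raw in SAMPLE_REPLIES.items():
        print(endpoint, negotiated_version(raw))
    print("still accepting SSLv2/SSLv3:", legacy_endpoints(SAMPLE_REPLIES))
```

An endpoint that answers a legacy-only offer with an alert, or with a TLS version, has the legacy protocols disabled; one that answers with an SSLv2 or SSLv3 ServerHello has not picked up the fix.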