vulnerability

SUSE: CVE-2019-0223: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	04/23/2019	08/09/2024	08/09/2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

04/23/2019

Added

08/09/2024

Modified

08/09/2024

Description

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

Solution(s)

suse-upgrade-python3-python-qpid-protonsuse-upgrade-qpid-proton-develsuse-upgrade-qpid-proton-devel-doc

References

BID-108044
CVE-2019-0223
https://attackerkb.com/topics/CVE-2019-0223
REDHAT-RHSA-2019:0886
REDHAT-RHSA-2019:1398
REDHAT-RHSA-2019:1399
REDHAT-RHSA-2019:1400
REDHAT-RHSA-2019:2777
REDHAT-RHSA-2019:2778
REDHAT-RHSA-2019:2779
REDHAT-RHSA-2019:2780
REDHAT-RHSA-2019:2781
REDHAT-RHSA-2019:2782

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today