Critical Vulnerability Information Announcement ID: RHSA-2019:1400 Release Date: 2019-06-06 Update Date: 2019-06-06 Vulnerability Type/Severity: Security Advisory, Moderate Summary Moderate: qpid-proton Security Update Subject An update for qpid-proton in Red Hat OpenStack Platform 13 (Queens) has been released. Description Issue: AMQ client enables connections, sending, and receiving messages via the AMQP 1.0 wire protocol. Fixes: - qpid-proton: TLS Man-in-the-Middle vulnerability (CVE-2019-0223) Solution Reference: Detailed steps to apply this update Affected Products Red Hat OpenStack for IBM Power 13 ppc64le Red Hat OpenStack 13 x86_64 Fixes BZ - 1702439 - CVE-2019-0223 qpid-proton: TLS Man-in-the-Middle vulnerability BZ - 1704978 - AMQ Interconnect edge mode does not support anonymous channels; resolved and container rebuilt to version 1.4 [openstack-13] BZ - 1717133 - Added jsoncpp to qpid-proton to fix CVE-2019-0223 CVEs CVE-2019-0223 References https://access.redhat.com/security/updates/classification/#moderate