Repository: qpid-site
Updated Branches:
  refs/heads/asf-site 5871bc3a2 -> e4a918b02


Added information about new security vulnerability CVE-2017-15699


Project: http://git-wip-us.apache.org/repos/asf/qpid-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-site/commit/e4a918b0
Tree: http://git-wip-us.apache.org/repos/asf/qpid-site/tree/e4a918b0
Diff: http://git-wip-us.apache.org/repos/asf/qpid-site/diff/e4a918b0

Branch: refs/heads/asf-site
Commit: e4a918b02ccca59c9297c0777406fcfd4cb3c5ac
Parents: 5871bc3
Author: Ganesh Murthy <gmur...@redhat.com>
Authored: Tue Feb 13 14:34:32 2018 -0500
Committer: Ganesh Murthy <gmur...@redhat.com>
Committed: Tue Feb 13 15:06:22 2018 -0500

----------------------------------------------------------------------
 content/components/dispatch-router/index.html   |   6 +
 .../components/dispatch-router/security.html    | 169 +++++++++++++++++
 content/cves/CVE-2017-15699.html                | 180 +++++++++++++++++++
 content/releases/index.html                     |   2 +-
 .../qpid-dispatch-0.8.1/release-notes.html      |   2 +-
 content/security.html                           |   1 +
 input/components/dispatch-router/index.md       |   4 +
 input/components/dispatch-router/security.md    |  27 +++
 input/cves/CVE-2017-15699.md                    |  36 ++++
 input/releases/index.md                         |   2 +-
 .../qpid-dispatch-0.8.1/release-notes.md        |   2 +-
 input/security.md                               |   1 +
 12 files changed, 428 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/content/components/dispatch-router/index.html
----------------------------------------------------------------------
diff --git a/content/components/dispatch-router/index.html 
b/content/components/dispatch-router/index.html
index 396a57d..852f5d2 100644
--- a/content/components/dispatch-router/index.html
+++ b/content/components/dispatch-router/index.html
@@ -192,6 +192,12 @@ they be clients, brokers or other AMQP-enabled services.  
More about
 <li><a href="https://git-wip-us.apache.org/repos/asf/qpid-dispatch.git";>Git 
clone URL</a></li>
 </ul>
 
+<h2 id="resources">Resources</h2>
+
+<ul>
+<li><a href="security.html">Security</a></li>
+</ul>
+
 </div>
 
 

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/content/components/dispatch-router/security.html
----------------------------------------------------------------------
diff --git a/content/components/dispatch-router/security.html 
b/content/components/dispatch-router/security.html
new file mode 100644
index 0000000..e75f951
--- /dev/null
+++ b/content/components/dispatch-router/security.html
@@ -0,0 +1,169 @@
+<!DOCTYPE html>
+<!--
+ -
+ - Licensed to the Apache Software Foundation (ASF) under one
+ - or more contributor license agreements.  See the NOTICE file
+ - distributed with this work for additional information
+ - regarding copyright ownership.  The ASF licenses this file
+ - to you under the Apache License, Version 2.0 (the
+ - "License"); you may not use this file except in compliance
+ - with the License.  You may obtain a copy of the License at
+ -
+ -   http://www.apache.org/licenses/LICENSE-2.0
+ -
+ - Unless required by applicable law or agreed to in writing,
+ - software distributed under the License is distributed on an
+ - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ - KIND, either express or implied.  See the License for the
+ - specific language governing permissions and limitations
+ - under the License.
+ -
+-->
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en">
+  <head>
+    <title>Security - Apache Qpid&#8482;</title>
+    <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+    <link rel="stylesheet" href="/site.css" type="text/css" async="async"/>
+    <link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/>
+    <script type="text/javascript">var _deferredFunctions = [];</script>
+    <script type="text/javascript" src="/deferred.js" defer="defer"></script>
+    <!--[if lte IE 8]>
+      <link rel="stylesheet" href="/ie.css" type="text/css"/>
+      <script type="text/javascript" src="/html5shiv.js"></script>
+    <![endif]-->
+
+    <!-- Redirects for `go get` and godoc.org -->
+    <meta name="go-import"
+          content="qpid.apache.org git 
https://git-wip-us.apache.org/repos/asf/qpid-proton.git"/>
+    <meta name="go-source"
+          content="qpid.apache.org
+https://github.com/apache/qpid-proton/blob/go1/README.md
+https://github.com/apache/qpid-proton/tree/go1{/dir}
+https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/>
+  </head>
+  <body>
+    <div id="-content">
+      <div id="-top" class="panel">
+        <a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a>
+
+        <a id="-search-link"><img width="22" height="16" src="" 
alt="Search"/></a>
+
+        <ul id="-global-navigation">
+          <li><a id="-logotype" href="/index.html">Apache 
Qpid<sup>&#8482;</sup></a></li>
+          <li><a href="/documentation.html">Documentation</a></li>
+          <li><a href="/download.html">Download</a></li>
+          <li><a href="/discussion.html">Discussion</a></li>
+        </ul>
+      </div>
+
+      <div id="-menu" class="panel" style="display: none;">
+        <div class="flex">
+          <section>
+            <h3>Project</h3>
+
+            <ul>
+              <li><a href="/overview.html">Overview</a></li>
+              <li><a href="/components/index.html">Components</a></li>
+              <li><a href="/releases/index.html">Releases</a></li>
+            </ul>
+          </section>
+
+          <section>
+            <h3>Messaging APIs</h3>
+
+            <ul>
+              <li><a href="/proton/index.html">Qpid Proton</a></li>
+              <li><a href="/components/jms/index.html">Qpid JMS</a></li>
+              <li><a href="/components/messaging-api/index.html">Qpid 
Messaging API</a></li>
+            </ul>
+          </section>
+
+          <section>
+            <h3>Servers and tools</h3>
+
+            <ul>
+              <li><a href="/components/broker-j/index.html">Broker-J</a></li>
+              <li><a href="/components/cpp-broker/index.html">C++ 
broker</a></li>
+              <li><a href="/components/dispatch-router/index.html">Dispatch 
router</a></li>
+            </ul>
+          </section>
+
+          <section>
+            <h3>Resources</h3>
+
+            <ul>
+              <li><a href="/dashboard.html">Dashboard</a></li>
+              <li><a 
href="https://cwiki.apache.org/confluence/display/qpid/Index";>Wiki</a></li>
+              <li><a href="/resources.html">More resources</a></li>
+            </ul>
+          </section>
+        </div>
+      </div>
+
+      <div id="-search" class="panel" style="display: none;">
+        <form action="http://www.google.com/search"; method="get">
+          <input type="hidden" name="sitesearch" value="qpid.apache.org"/>
+          <input type="text" name="q" maxlength="255" autofocus="autofocus" 
tabindex="1"/>
+          <button type="submit">Search</button>
+          <a href="/search.html">More ways to search</a>
+        </form>
+      </div>
+
+      <div id="-middle" class="panel">
+        <ul id="-path-navigation"><li><a 
href="/index.html">Home</a></li><li><a 
href="/components/index.html">Components</a></li><li><a 
href="/components/dispatch-router/index.html">Dispatch 
Router</a></li><li>Security</li></ul>
+
+        <div id="-middle-content">
+          <h1 id="security">Security</h1>
+
+<table>
+<thead>
+<tr>
+  <th>CVE-ID</th>
+  <th>Severity</th>
+  <th>Affected versions</th>
+  <th>Fixed versions</th>
+  <th>Summary</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+  <td><a href="/cves/CVE-2017-15699.html">CVE-2017-15699</a></td>
+  <td>Important</td>
+  <td>0.7.0, 0.8.0</td>
+  <td>0.8.1, 1.0.0</td>
+  <td>Denial of service</td>
+</tr>
+</tbody>
+</table>
+
+<p>See the main <a href="/security.html">security</a> page for general
+information and details for other components.</p>
+
+
+          <hr/>
+
+          <ul id="-apache-navigation">
+            <li><a href="http://www.apache.org/";>Apache</a></li>
+            <li><a href="http://www.apache.org/licenses/";>License</a></li>
+            <li><a 
href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li>
+            <li><a 
href="http://www.apache.org/foundation/thanks.html";>Thanks!</a></li>
+            <li><a href="/security.html">Security</a></li>
+            <li><a href="http://www.apache.org/";><img id="-apache-feather" 
width="48" height="14" src="" alt="Apache"/></a></li>
+          </ul>
+
+          <p id="-legal">
+            Apache Qpid, Messaging built on AMQP; Copyright &#169; 2015
+            The Apache Software Foundation; Licensed under
+            the <a href="http://www.apache.org/licenses/LICENSE-2.0";>Apache
+            License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton,
+            Proton, Apache, the Apache feather logo, and the Apache Qpid
+            project logo are trademarks of The Apache Software
+            Foundation; All other marks mentioned may be trademarks or
+            registered trademarks of their respective owners
+          </p>
+        </div>
+      </div>
+    </div>
+  </body>
+</html>

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/content/cves/CVE-2017-15699.html
----------------------------------------------------------------------
diff --git a/content/cves/CVE-2017-15699.html b/content/cves/CVE-2017-15699.html
new file mode 100644
index 0000000..8bd74cd
--- /dev/null
+++ b/content/cves/CVE-2017-15699.html
@@ -0,0 +1,180 @@
+<!DOCTYPE html>
+<!--
+ -
+ - Licensed to the Apache Software Foundation (ASF) under one
+ - or more contributor license agreements.  See the NOTICE file
+ - distributed with this work for additional information
+ - regarding copyright ownership.  The ASF licenses this file
+ - to you under the Apache License, Version 2.0 (the
+ - "License"); you may not use this file except in compliance
+ - with the License.  You may obtain a copy of the License at
+ -
+ -   http://www.apache.org/licenses/LICENSE-2.0
+ -
+ - Unless required by applicable law or agreed to in writing,
+ - software distributed under the License is distributed on an
+ - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ - KIND, either express or implied.  See the License for the
+ - specific language governing permissions and limitations
+ - under the License.
+ -
+-->
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en">
+  <head>
+    <title>CVE-2017-15699: Apache Qpid Dispatch Denial of Service 
Vulnerability when specially crafted frame is sent to the Router - Apache 
Qpid&#8482;</title>
+    <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+    <link rel="stylesheet" href="/site.css" type="text/css" async="async"/>
+    <link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/>
+    <script type="text/javascript">var _deferredFunctions = [];</script>
+    <script type="text/javascript" src="/deferred.js" defer="defer"></script>
+    <!--[if lte IE 8]>
+      <link rel="stylesheet" href="/ie.css" type="text/css"/>
+      <script type="text/javascript" src="/html5shiv.js"></script>
+    <![endif]-->
+
+    <!-- Redirects for `go get` and godoc.org -->
+    <meta name="go-import"
+          content="qpid.apache.org git 
https://git-wip-us.apache.org/repos/asf/qpid-proton.git"/>
+    <meta name="go-source"
+          content="qpid.apache.org
+https://github.com/apache/qpid-proton/blob/go1/README.md
+https://github.com/apache/qpid-proton/tree/go1{/dir}
+https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/>
+  </head>
+  <body>
+    <div id="-content">
+      <div id="-top" class="panel">
+        <a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a>
+
+        <a id="-search-link"><img width="22" height="16" src="" 
alt="Search"/></a>
+
+        <ul id="-global-navigation">
+          <li><a id="-logotype" href="/index.html">Apache 
Qpid<sup>&#8482;</sup></a></li>
+          <li><a href="/documentation.html">Documentation</a></li>
+          <li><a href="/download.html">Download</a></li>
+          <li><a href="/discussion.html">Discussion</a></li>
+        </ul>
+      </div>
+
+      <div id="-menu" class="panel" style="display: none;">
+        <div class="flex">
+          <section>
+            <h3>Project</h3>
+
+            <ul>
+              <li><a href="/overview.html">Overview</a></li>
+              <li><a href="/components/index.html">Components</a></li>
+              <li><a href="/releases/index.html">Releases</a></li>
+            </ul>
+          </section>
+
+          <section>
+            <h3>Messaging APIs</h3>
+
+            <ul>
+              <li><a href="/proton/index.html">Qpid Proton</a></li>
+              <li><a href="/components/jms/index.html">Qpid JMS</a></li>
+              <li><a href="/components/messaging-api/index.html">Qpid 
Messaging API</a></li>
+            </ul>
+          </section>
+
+          <section>
+            <h3>Servers and tools</h3>
+
+            <ul>
+              <li><a href="/components/broker-j/index.html">Broker-J</a></li>
+              <li><a href="/components/cpp-broker/index.html">C++ 
broker</a></li>
+              <li><a href="/components/dispatch-router/index.html">Dispatch 
router</a></li>
+            </ul>
+          </section>
+
+          <section>
+            <h3>Resources</h3>
+
+            <ul>
+              <li><a href="/dashboard.html">Dashboard</a></li>
+              <li><a 
href="https://cwiki.apache.org/confluence/display/qpid/Index";>Wiki</a></li>
+              <li><a href="/resources.html">More resources</a></li>
+            </ul>
+          </section>
+        </div>
+      </div>
+
+      <div id="-search" class="panel" style="display: none;">
+        <form action="http://www.google.com/search"; method="get">
+          <input type="hidden" name="sitesearch" value="qpid.apache.org"/>
+          <input type="text" name="q" maxlength="255" autofocus="autofocus" 
tabindex="1"/>
+          <button type="submit">Search</button>
+          <a href="/search.html">More ways to search</a>
+        </form>
+      </div>
+
+      <div id="-middle" class="panel">
+        <ul id="-path-navigation"><li><a 
href="/index.html">Home</a></li><li>CVE-2017-15699: Apache Qpid Dispatch Denial 
of Service Vulnerability when specially crafted frame is sent to the 
Router</li></ul>
+
+        <div id="-middle-content">
+          <h1 
id="cve-2017-15699-apache-qpid-dispatch-denial-of-service-vulnerability-when-specially-crafted-frame-is-sent-to-the-router">CVE-2017-15699:
 Apache Qpid Dispatch Denial of Service Vulnerability when specially crafted 
frame is sent to the Router</h1>
+
+<h2 id="severity">Severity</h2>
+
+<p>Important</p>
+
+<h2 id="affected-components">Affected components</h2>
+
+<p>Qpid Dispatch Router</p>
+
+<h2 id="affected-versions">Affected versions</h2>
+
+<p>0.7.0, 0.8.0</p>
+
+<h2 id="fixed-versions">Fixed versions</h2>
+
+<p><a href="/releases/qpid-dispatch-0.8.1/index.html">0.8.1</a>
+<a href="/releases/qpid-dispatch-1.0.0/index.html">1.0.0</a></p>
+
+<h2 id="description">Description</h2>
+
+<p>A Denial of Service vulnerability was found in Apache Qpid Dispatch Router 
0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to 
establish an AMQP connection to the Qpid Dispatch Router and send a 
specifically crafted AMQP frame which will cause it to segfault and shut 
down.</p>
+
+<h2 id="resolution">Resolution</h2>
+
+<p>Users of Qpid Dispatch Router version 0.7.0 and 0.8.0 must upgrade to 
version 0.8.1 or later.</p>
+
+<h2 id="mitigation">Mitigation</h2>
+
+<p>Any user who is able to connect to the Router may exploit the 
vulnerability. If anonymous authentication is enabled then any remote user with 
network access the Router is a possible attacker. The number of possible 
attackers is reduced if the Router is configured to require authentication. 
Then an attacker needs to have authentic credentials which are used to create a 
connection to the Router before proceeding to exploit this vulnerability.</p>
+
+<h2 id="references">References</h2>
+
+<ul>
+<li><a 
href="https://issues.apache.org/jira/browse/DISPATCH-924";>DISPATCH-924</a></li>
+</ul>
+
+
+          <hr/>
+
+          <ul id="-apache-navigation">
+            <li><a href="http://www.apache.org/";>Apache</a></li>
+            <li><a href="http://www.apache.org/licenses/";>License</a></li>
+            <li><a 
href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li>
+            <li><a 
href="http://www.apache.org/foundation/thanks.html";>Thanks!</a></li>
+            <li><a href="/security.html">Security</a></li>
+            <li><a href="http://www.apache.org/";><img id="-apache-feather" 
width="48" height="14" src="" alt="Apache"/></a></li>
+          </ul>
+
+          <p id="-legal">
+            Apache Qpid, Messaging built on AMQP; Copyright &#169; 2015
+            The Apache Software Foundation; Licensed under
+            the <a href="http://www.apache.org/licenses/LICENSE-2.0";>Apache
+            License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton,
+            Proton, Apache, the Apache feather logo, and the Apache Qpid
+            project logo are trademarks of The Apache Software
+            Foundation; All other marks mentioned may be trademarks or
+            registered trademarks of their respective owners
+          </p>
+        </div>
+      </div>
+    </div>
+  </body>
+</html>
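
Review bot: In the "Fixed versions" paragraph the two release links are separated only by a line break, so the page renders as "0.8.1 1.0.0" with no delimiter, while the table in components/dispatch-router/security.html writes "0.8.1, 1.0.0". Suggest adding a comma after the 0.8.1 link. Since this file is generated, the change belongs in input/cves/CVE-2017-15699.md.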

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/content/releases/index.html
----------------------------------------------------------------------
diff --git a/content/releases/index.html b/content/releases/index.html
index 89ba641..bc27096 100644
--- a/content/releases/index.html
+++ b/content/releases/index.html
@@ -145,6 +145,7 @@ the
 <div class="two-column">
 
 <ul>
+<li><a href="qpid-dispatch-0.8.1/index.html">Qpid Dispatch 0.8.1</a>, February 
2018</li>
 <li><a href="qpid-broker-j-7.0.0/index.html">Qpid Broker-J 7.0.0</a>, November 
2017</li>
 <li><a href="qpid-proton-0.19.0/index.html">Qpid Proton 0.19.0</a>, December 
2017</li>
 <li><a href="qpid-jms-0.28.0/index.html">Qpid JMS 0.28.0</a>, December 
2017</li>
@@ -163,7 +164,6 @@ the
 <li><a href="qpid-java-6.0.8/index.html">Qpid for Java 6.0.8</a>, June 
2017</li>
 <li><a href="qpid-java-6.1.3/index.html">Qpid for Java 6.1.3</a>, June 
2017</li>
 <li><a href="qpid-java-6.0.7/index.html">Qpid for Java 6.0.7</a>, June 
2017</li>
-<li><a href="qpid-dispatch-0.8.1/index.html">Qpid Dispatch 0.8.1</a>, February 
2018</li>
 <li><a href="qpid-dispatch-0.8.0/index.html">Qpid Dispatch 0.8.0</a>, May 
2017</li>
 <li><a href="qpid-jms-0.23.0/index.html">Qpid JMS 0.23.0</a>, May 2017</li>
 <li><a href="qpid-proton-j-0.19.0/index.html">Qpid Proton-J 0.19.0</a>, May 
2017</li>

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/content/releases/qpid-dispatch-0.8.1/release-notes.html
----------------------------------------------------------------------
diff --git a/content/releases/qpid-dispatch-0.8.1/release-notes.html 
b/content/releases/qpid-dispatch-0.8.1/release-notes.html
index de6068f..86b88b2 100644
--- a/content/releases/qpid-dispatch-0.8.1/release-notes.html
+++ b/content/releases/qpid-dispatch-0.8.1/release-notes.html
@@ -126,7 +126,7 @@ documentation, see the <a href="index.html">release 
overview</a>.</p>
 <h2 id="bugs-fixed">Bugs fixed</h2>
 
 <ul>
-<li><a 
href="https://issues.apache.org/jira/browse/DISPATCH-924";>DISPATCH-924</a> - 
Remove unused variables in router core</li>
+<li><a 
href="https://issues.apache.org/jira/browse/DISPATCH-924";>DISPATCH-924</a> - 
Denial of Service Vulnerability when specially crafted frame is sent to the 
Router</li>
 </ul>
 
 

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/content/security.html
----------------------------------------------------------------------
diff --git a/content/security.html b/content/security.html
index b32f39d..4508351 100644
--- a/content/security.html
+++ b/content/security.html
@@ -130,6 +130,7 @@ Qpid components are detailed at:</p>
 <ul>
 <li><a href="/components/broker-j/security.html">Broker-J</a></li>
 <li><a href="/components/cpp-broker/security.html">C++ broker</a></li>
+<li><a href="/components/dispatch-router/security.html">Dispatch</a> </li>
 </ul>
 
 </section>

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/input/components/dispatch-router/index.md
----------------------------------------------------------------------
diff --git a/input/components/dispatch-router/index.md 
b/input/components/dispatch-router/index.md
index 9fa2e0e..9edfcf9 100644
--- a/input/components/dispatch-router/index.md
+++ b/input/components/dispatch-router/index.md
@@ -79,4 +79,8 @@ they be clients, brokers or other AMQP-enabled services.  
More about
  - [Browse via GitHub](https://github.com/apache/qpid-dispatch)
  - [Git clone URL](https://git-wip-us.apache.org/repos/asf/qpid-dispatch.git)
 
+## Resources
+
+ - [Security](security.html)
+
 </div>

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/input/components/dispatch-router/security.md
----------------------------------------------------------------------
diff --git a/input/components/dispatch-router/security.md 
b/input/components/dispatch-router/security.md
new file mode 100644
index 0000000..c5bfbcd
--- /dev/null
+++ b/input/components/dispatch-router/security.md
@@ -0,0 +1,27 @@
+;;
+;; Licensed to the Apache Software Foundation (ASF) under one
+;; or more contributor license agreements.  See the NOTICE file
+;; distributed with this work for additional information
+;; regarding copyright ownership.  The ASF licenses this file
+;; to you under the Apache License, Version 2.0 (the
+;; "License"); you may not use this file except in compliance
+;; with the License.  You may obtain a copy of the License at
+;; 
+;;   http://www.apache.org/licenses/LICENSE-2.0
+;; 
+;; Unless required by applicable law or agreed to in writing,
+;; software distributed under the License is distributed on an
+;; "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+;; KIND, either express or implied.  See the License for the
+;; specific language governing permissions and limitations
+;; under the License.
+;;
+
+# Security
+
+| CVE-ID | Severity | Affected versions | Fixed versions | Summary |
+| ------ | -------- | ----------------- | -------------- | ------- |
+| [CVE-2017-15699]({{site_url}}/cves/CVE-2017-15699.html) | Important | 0.7.0, 
0.8.0 | 0.8.1, 1.0.0 | Denial of service |
+
+See the main [security]({{site_url}}/security.html) page for general
+information and details for other components.

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/input/cves/CVE-2017-15699.md
----------------------------------------------------------------------
diff --git a/input/cves/CVE-2017-15699.md b/input/cves/CVE-2017-15699.md
new file mode 100644
index 0000000..66d43b4
--- /dev/null
+++ b/input/cves/CVE-2017-15699.md
@@ -0,0 +1,36 @@
+# CVE-2017-15699: Apache Qpid Dispatch Denial of Service Vulnerability when 
specially crafted frame is sent to the Router
+
+## Severity
+
+Important
+
+## Affected components
+
+Qpid Dispatch Router
+
+## Affected versions
+
+0.7.0, 0.8.0
+
+## Fixed versions
+
+[0.8.1]({{site_url}}/releases/qpid-dispatch-0.8.1/index.html)
+[1.0.0]({{site_url}}/releases/qpid-dispatch-1.0.0/index.html)
+
+## Description
+
+A Denial of Service vulnerability was found in Apache Qpid Dispatch Router 
0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to 
establish an AMQP connection to the Qpid Dispatch Router and send a 
specifically crafted AMQP frame which will cause it to segfault and shut down.
+
+
+## Resolution
+Users of Qpid Dispatch Router version 0.7.0 and 0.8.0 must upgrade to version 
0.8.1 or later.
+
+
+## Mitigation
+Any user who is able to connect to the Router may exploit the vulnerability. 
If anonymous authentication is enabled then any remote user with network access 
the Router is a possible attacker. The number of possible attackers is reduced 
if the Router is configured to require authentication. Then an attacker needs 
to have authentic credentials which are used to create a connection to the 
Router before proceeding to exploit this vulnerability.
+
+## References
+
+ - [DISPATCH-924](https://issues.apache.org/jira/browse/DISPATCH-924)
+
+
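
Review bot: The Mitigation section describes who can reach the bug but never tells an operator what to do, and its second sentence is missing a word ("with network access the Router" should read "with network access to the Router"). Suggest stating the action directly: until the upgrade is applied, disable anonymous authentication and require authenticated connections, keeping the existing caveat that this only narrows the set of attackers to holders of valid credentials. Two smaller points: the Description says "specifically crafted" where the title says "specially crafted", and this file has no ASF license header although input/components/dispatch-router/security.md, added in the same commit, does.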

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/input/releases/index.md
----------------------------------------------------------------------
diff --git a/input/releases/index.md b/input/releases/index.md
index e82498f..e24c358 100644
--- a/input/releases/index.md
+++ b/input/releases/index.md
@@ -44,6 +44,7 @@ the
 ## Past releases
 
 <div class="two-column" markdown="1">
+ - [Qpid Dispatch 0.8.1](qpid-dispatch-0.8.1/index.html), February 2018
  - [Qpid Broker-J 7.0.0](qpid-broker-j-7.0.0/index.html), November 2017
  - [Qpid Proton 0.19.0](qpid-proton-0.19.0/index.html), December 2017
  - [Qpid JMS 0.28.0](qpid-jms-0.28.0/index.html), December 2017
@@ -62,7 +63,6 @@ the
  - [Qpid for Java 6.0.8](qpid-java-6.0.8/index.html), June 2017
  - [Qpid for Java 6.1.3](qpid-java-6.1.3/index.html), June 2017
  - [Qpid for Java 6.0.7](qpid-java-6.0.7/index.html), June 2017
- - [Qpid Dispatch 0.8.1](qpid-dispatch-0.8.1/index.html), February 2018
  - [Qpid Dispatch 0.8.0](qpid-dispatch-0.8.0/index.html), May 2017
  - [Qpid JMS 0.23.0](qpid-jms-0.23.0/index.html), May 2017
  - [Qpid Proton-J 0.19.0](qpid-proton-j-0.19.0/index.html), May 2017

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/input/releases/qpid-dispatch-0.8.1/release-notes.md
----------------------------------------------------------------------
diff --git a/input/releases/qpid-dispatch-0.8.1/release-notes.md 
b/input/releases/qpid-dispatch-0.8.1/release-notes.md
index 8db7865..648e02b 100644
--- a/input/releases/qpid-dispatch-0.8.1/release-notes.md
+++ b/input/releases/qpid-dispatch-0.8.1/release-notes.md
@@ -28,4 +28,4 @@ documentation, see the [release overview](index.html).
 
 ## Bugs fixed
 
- - [DISPATCH-924](https://issues.apache.org/jira/browse/DISPATCH-924) - Remove 
unused variables in router core
\ No newline at end of file
+ - [DISPATCH-924](https://issues.apache.org/jira/browse/DISPATCH-924) - Denial 
of Service Vulnerability when specially crafted frame is sent to the Router
\ No newline at end of file
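
Review bot: The reworded DISPATCH-924 entry carries no CVE identifier, so a reader of the 0.8.1 release notes cannot get from this line to the advisory. Suggest appending "(CVE-2017-15699)" linked to {{site_url}}/cves/CVE-2017-15699.html. Both the removed and the added line are marked "\ No newline at end of file"; adding the trailing newline while this line is being touched would keep later diffs clean.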

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/e4a918b0/input/security.md
----------------------------------------------------------------------
diff --git a/input/security.md b/input/security.md
index 3e6efb5..5453ae9 100644
--- a/input/security.md
+++ b/input/security.md
@@ -31,6 +31,7 @@ Qpid components are detailed at:
 
  - [Broker-J]({{site_url}}/components/broker-j/security.html)
  - [C++ broker]({{site_url}}/components/cpp-broker/security.html)
+ - [Dispatch]({{site_url}}/components/dispatch-router/security.html) 
 
 </section>
 <section markdown="1">
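
Review bot: The added list item ends with a trailing space after the closing parenthesis, which is what shows up as "</a> </li>" in the generated content/security.html, and it is labelled "Dispatch" while the site menu in this same commit calls the component "Dispatch router". Suggest dropping the trailing whitespace and using the label "Dispatch router" so the entry matches the "Broker-J" and "C++ broker" items, which use the component names as the menu gives them.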

