libqpid-proton-cpp6-0.12.2-1.6 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10217-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libqpid-proton-cpp6-0.12.2-1.6 on GA media These are all security issues fixed in the libqpid-proton-cpp6-0.12.2-1.6 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10217 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-2166/ SUSE CVE CVE-2016-2166 page openSUSE Tumbleweed libqpid-proton-cpp6-0.12.2-1.6 libqpid-proton6-0.12.2-1.6 perl-qpid-proton-0.12.2-1.6 python-qpid-proton-0.12.2-1.6 python-qpid-proton-doc-0.12.2-1.6 qpid-proton-0.12.2-1.6 qpid-proton-devel-0.12.2-1.6 qpid-proton-devel-doc-0.12.2-1.6 libqpid-proton-cpp6-0.12.2-1.6 as a component of openSUSE Tumbleweed libqpid-proton6-0.12.2-1.6 as a component of openSUSE Tumbleweed perl-qpid-proton-0.12.2-1.6 as a component of openSUSE Tumbleweed python-qpid-proton-0.12.2-1.6 as a component of openSUSE Tumbleweed python-qpid-proton-doc-0.12.2-1.6 as a component of openSUSE Tumbleweed qpid-proton-0.12.2-1.6 as a component of openSUSE Tumbleweed qpid-proton-devel-0.12.2-1.6 as a component of openSUSE Tumbleweed qpid-proton-devel-doc-0.12.2-1.6 as a component of openSUSE Tumbleweed The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. CVE-2016-2166 openSUSE Tumbleweed:libqpid-proton-cpp6-0.12.2-1.6 openSUSE Tumbleweed:libqpid-proton6-0.12.2-1.6 openSUSE Tumbleweed:perl-qpid-proton-0.12.2-1.6 openSUSE Tumbleweed:python-qpid-proton-0.12.2-1.6 openSUSE Tumbleweed:python-qpid-proton-doc-0.12.2-1.6 openSUSE Tumbleweed:qpid-proton-0.12.2-1.6 openSUSE Tumbleweed:qpid-proton-devel-0.12.2-1.6 openSUSE Tumbleweed:qpid-proton-devel-doc-0.12.2-1.6 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2166.html CVE-2016-2166 https://bugzilla.suse.com/973343 SUSE Bug 973343