1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5571-1] rabbitmq-server security update

    From Moritz Muehlenhoff@21:1/5 to All on Fri Dec 1 21:40:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5571-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 01, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : rabbitmq-server
    CVE ID : CVE-2023-46118

    It was discovered that missing input sanitising in the HTTP API endpoint
    of RabbitMQ, an implementation of the AMQP protocol, could result in
    denial of service.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 3.8.9-3+deb11u1.

    For the stable distribution (bookworm), this problem has been fixed in
    version 3.10.8-1.1+deb12u1.

    We recommend that you upgrade your rabbitmq-server packages.

    For the detailed security status of rabbitmq-server please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/rabbitmq-server

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVqQcwACgkQEMKTtsN8 TjYyAg/+JsQaCGn5vhqe5bKN6WmJpnfR+WYTx9FtAfitkOcBb+s+g0dWudOS1kDC In+gUtelwMXozX1uAt3XNTicHCY9tRaa8fNXG2nAkwq11p6Te20ZO1tbg6/OOtml FsXO2yGszhWaqUwkw9GseSBpVyu5lr0cdFIrqdelzGFwXdAiVnlV5rWbvC1IgsWy L6dZLs+OZcrnIvPEG2lRHt8+0dvFh0p4bwFpKJXxnmBREMXH46D/RgyejkxNkqnt acLala7coqO4ePsYFrCeXrP1IoC8VRtk5iz1jFSOqiPQY1q9nG10iiL2CnOPAJ8w 6H5kEzoP8zHzZo2pWvcmQVtzaQ3IEh8xhF/jkiw248Fzf6spjxRM2Pa6XXtWmpUt NNQUps8vzbQOC7gNPDvYsy8ZgE7HlOj+fzG0v9Ny3YGPUTfG6Ag98pOZtko/QO8v 5MIiYlMwxEb57wotAYXXYELO4IW6SI8EGisT5oaNjCfKRGDdg83GfUnhVPC2lT9j f29RbECgxjFh0YHV0Kd4sLzWKxV8eXtSMYi2aZCdahoyuk/9JejoevgdgcudsBaJ LEXCNepqwpYdLyPxYAySpuo3WzyVgzjbR94zQGH1Z1xAumXdnFNhQH6riomKERZU wg7tUWcOGCyu1ey/h2+zaHPscvSm0DmlZS2lXMgpY3OQTfFsXVw=
    =vX+w
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)