UbuntuUpdates.org

Package "rabbitmq-server"

Name: rabbitmq-server

Description: AMQP server written in Erlang

Latest version: 3.8.3-0ubuntu0.2
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://www.rabbitmq.com/

Other versions of "rabbitmq-server" in Focal

Repository Area Version
base main 3.8.2-0ubuntu1
updates main 3.8.3-0ubuntu0.2

Changelog

Version: 3.8.3-0ubuntu0.2 2024-12-09 16:06:47 UTC

  rabbitmq-server (3.8.3-0ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Cross site scripting.
    - debian/patches/CVE-2021-32718.patch: Escape html in
      res.req_params.username in .../www/js/dispatcher.js.
    - debian/patches/CVE-2021-32719.patch: Format
      upstream.value['consumer-tag'] in
      .../www/js/tmpl/federation-upstream.ejs.
    - CVE-2021-32718
    - CVE-2021-32719

 -- Hlib Korzhynskyy <email address hidden> Mon, 02 Dec 2024 12:30:45 -0330

Version: 3.8.2-0ubuntu1.5 2023-11-21 19:06:56 UTC

  rabbitmq-server (3.8.2-0ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-46118-*.patch: Introduce HTTP request body limit
      for definition uploads and Reduce default HTTP API request body size limit
      to 10 MiB in deps/rabbitmq_management/Makefile, include/rabbit_mgmt.hrl,
      priv/schema/rabbitmq_management.schema, src/rabbit_mgmt_util.erl,
      src/rabbit_mgmt_wm_definitions.erl.
    - CVE-2023-46118

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 07 Nov 2023 09:37:31 -0300

CVE-2023-46118 RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of

Version: 3.8.2-0ubuntu1.3 2021-06-24 16:06:23 UTC

  rabbitmq-server (3.8.2-0ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-22116.patch: treat arrays with extra or
      missing input as fatal errors in src/amqp10_binary_parser.erl,
      test/binary_parser_SUITE.erl.
    - CVE-2021-22116

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 23 Jun 2021 10:05:38 -0300

CVE-2021-22116 RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection e


