UbuntuUpdates.org

Package "rabbitmq-server"

Name: rabbitmq-server

Description:

AMQP server written in Erlang
Latest version: 3.9.27-0ubuntu0.2
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.rabbitmq.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "rabbitmq-server"

All arch deb package
APT INSTALL

Other versions of "rabbitmq-server" in Jammy

Repository Area Version
base main 3.9.13-1
updates main 3.9.27-0ubuntu0.2

Changelog

Version: 3.9.27-0ubuntu0.2 2025-03-31 19:07:21 UTC

  rabbitmq-server (3.9.27-0ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2025-30219.patch: sanitize error message in
      management ui.
    - CVE-2025-30219

 -- Fabian Toepfer <email address hidden> Thu, 27 Mar 2025 17:08:12 +0100
Source diff to previous version
CVE-2025-30219 RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on

Version: 3.9.13-1ubuntu0.22.04.2 2023-11-21 19:06:57 UTC

  rabbitmq-server (3.9.13-1ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-46118-*.patch: Introduce HTTP request body limit
      for definition uploads and Reduce default HTTP API request body size limit
      to 10 MiB in deps/rabbitmq_management/Makefile, include/rabbit_mgmt.hrl,
      priv/schema/rabbitmq_management.schema, src/rabbit_mgmt_util.erl,
      src/rabbit_mgmt_wm_definitions.erl.
    - CVE-2023-46118

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 06 Nov 2023 09:22:43 -0300
CVE-2023-46118 RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of


About   -   Send Feedback to @ubuntu_updates