Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5571-1] rabbitmq-server security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5571-1] rabbitmq-server security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5571-1] rabbitmq-server security update
  • Date: Fri, 1 Dec 2023 20:29:42 +0000
  • List-archive: https://lists.debian.org/msgid-search/ZWpCNuI5RJ6vv2Ph AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=IDPAJ3GjPSTyBN9kvg3xW4h8KG6sf6xPY8O1HKnePvc=; b=cs ++p0AtWELNej6yAC4VXK8AF2V6jVOzq4Ph1G3/ZVWYZlbJ8L8fiU9ZUDADl4r3z9GOd6wy1NaHXx0 93WKc5r1lA1uTLq0FQgmLS2SOh/8cCpGibYU/lRDP+7O9uzBy0r0XW23IJZHReBuK2B2dyMCGGKW1 IP8CheQSnQWxSDYS/tCG6naees8xGAYpTJbFGMzN+Ovg59giT1XYWAWdXWk/iM6IXM+AGeQfCIar8 Aq+S8P43TBkWqICzG32UNqPHK1C1piMoQSfjB3h11f2HIskUlcAW1tZqXRv59hqHtoFW91gfGeXR3 iqO7CbqND1uL95BO+mrb7eXdh6zrmfIQ==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 1 Dec 2023 20:30:15 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <HFdm1aldUUM.A.3m.XJkalB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5571-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 01, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : rabbitmq-server
CVE ID : CVE-2023-46118

It was discovered that missing input sanitising in the HTTP API endpoint
of RabbitMQ, an implementation of the AMQP protocol, could result in
denial of service.

For the oldstable distribution (bullseye), this problem has been fixed
in version 3.8.9-3+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 3.10.8-1.1+deb12u1.

We recommend that you upgrade your rabbitmq-server packages.

For the detailed security status of rabbitmq-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rabbitmq-server

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVqQcwACgkQEMKTtsN8
TjYyAg/+JsQaCGn5vhqe5bKN6WmJpnfR+WYTx9FtAfitkOcBb+s+g0dWudOS1kDC
In+gUtelwMXozX1uAt3XNTicHCY9tRaa8fNXG2nAkwq11p6Te20ZO1tbg6/OOtml
FsXO2yGszhWaqUwkw9GseSBpVyu5lr0cdFIrqdelzGFwXdAiVnlV5rWbvC1IgsWy
L6dZLs+OZcrnIvPEG2lRHt8+0dvFh0p4bwFpKJXxnmBREMXH46D/RgyejkxNkqnt
acLala7coqO4ePsYFrCeXrP1IoC8VRtk5iz1jFSOqiPQY1q9nG10iiL2CnOPAJ8w
6H5kEzoP8zHzZo2pWvcmQVtzaQ3IEh8xhF/jkiw248Fzf6spjxRM2Pa6XXtWmpUt
NNQUps8vzbQOC7gNPDvYsy8ZgE7HlOj+fzG0v9Ny3YGPUTfG6Ag98pOZtko/QO8v
5MIiYlMwxEb57wotAYXXYELO4IW6SI8EGisT5oaNjCfKRGDdg83GfUnhVPC2lT9j
f29RbECgxjFh0YHV0Kd4sLzWKxV8eXtSMYi2aZCdahoyuk/9JejoevgdgcudsBaJ
LEXCNepqwpYdLyPxYAySpuo3WzyVgzjbR94zQGH1Z1xAumXdnFNhQH6riomKERZU
wg7tUWcOGCyu1ey/h2+zaHPscvSm0DmlZS2lXMgpY3OQTfFsXVw=
=vX+w
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5571-1] rabbitmq-server security update, Moritz Muehlenhoff, 01.12.2023

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang