Ubuntu alert USN-5004-1 (rabbitmq-server)
| From: | "Leonidas S. Barbosa" <leo.barbosa@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-5004-1] RabbitMQ vulnerabilities | |
| Date: | Thu, 24 Jun 2021 13:13:24 -0300 | |
| Message-ID: | <20210624161324.GA992864@d4rkl41n> |
========================================================================== Ubuntu Security Notice USN-5004-1 June 24, 2021 rabbitmq-server vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Several security issues were fixed in rabbitmq-server. Software Description: - rabbitmq-server: AMQP server written in Erlang Details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11287) Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-22116) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: rabbitmq-server 3.8.9-2ubuntu0.1 Ubuntu 20.10: rabbitmq-server 3.8.5-1ubuntu0.2 Ubuntu 20.04 LTS: rabbitmq-server 3.8.2-0ubuntu1.3 Ubuntu 18.04 LTS: rabbitmq-server 3.6.10-1ubuntu0.5 Ubuntu 16.04 ESM: rabbitmq-server 3.5.7-1ubuntu0.16.04.4+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5004-1 CVE-2019-11287, CVE-2021-22116 Package Information: https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.... https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.... https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.... https://launchpad.net/ubuntu/+source/rabbitmq-server/3.6.... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...