[SECURITY] [DSA 5571-1] rabbitmq-server security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5571-1] rabbitmq-server security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 1 Dec 2023 20:29:42 +0000
Message-id: <[🔎] ZWpCNuI5RJ6vv2Ph@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5571-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 01, 2023                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rabbitmq-server
CVE ID         : CVE-2023-46118

It was discovered that missing input sanitising in the HTTP API endpoint
of  RabbitMQ, an implementation of the AMQP protocol, could result in
denial of service.

For the oldstable distribution (bullseye), this problem has been fixed
in version 3.8.9-3+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 3.10.8-1.1+deb12u1.

We recommend that you upgrade your rabbitmq-server packages.

For the detailed security status of rabbitmq-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rabbitmq-server

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVqQcwACgkQEMKTtsN8
TjYyAg/+JsQaCGn5vhqe5bKN6WmJpnfR+WYTx9FtAfitkOcBb+s+g0dWudOS1kDC
In+gUtelwMXozX1uAt3XNTicHCY9tRaa8fNXG2nAkwq11p6Te20ZO1tbg6/OOtml
FsXO2yGszhWaqUwkw9GseSBpVyu5lr0cdFIrqdelzGFwXdAiVnlV5rWbvC1IgsWy
L6dZLs+OZcrnIvPEG2lRHt8+0dvFh0p4bwFpKJXxnmBREMXH46D/RgyejkxNkqnt
acLala7coqO4ePsYFrCeXrP1IoC8VRtk5iz1jFSOqiPQY1q9nG10iiL2CnOPAJ8w
6H5kEzoP8zHzZo2pWvcmQVtzaQ3IEh8xhF/jkiw248Fzf6spjxRM2Pa6XXtWmpUt
NNQUps8vzbQOC7gNPDvYsy8ZgE7HlOj+fzG0v9Ny3YGPUTfG6Ag98pOZtko/QO8v
5MIiYlMwxEb57wotAYXXYELO4IW6SI8EGisT5oaNjCfKRGDdg83GfUnhVPC2lT9j
f29RbECgxjFh0YHV0Kd4sLzWKxV8eXtSMYi2aZCdahoyuk/9JejoevgdgcudsBaJ
LEXCNepqwpYdLyPxYAySpuo3WzyVgzjbR94zQGH1Z1xAumXdnFNhQH6riomKERZU
wg7tUWcOGCyu1ey/h2+zaHPscvSm0DmlZS2lXMgpY3OQTfFsXVw=
=vX+w
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5570-1] nghttp2 security update
Next by Date: [SECURITY] [DSA 5572-1] roundcube security update
Previous by thread: [SECURITY] [DSA 5570-1] nghttp2 security update
Next by thread: [SECURITY] [DSA 5572-1] roundcube security update
Index(es):
- Date
- Thread