Ubuntu Security Notice 5004-1 - It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-5004-1
June 24, 2021
rabbitmq-server vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in rabbitmq-server.
Software Description:
- rabbitmq-server: AMQP server written in Erlang
Details:
It was discovered that RabbitMQ incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11287)
Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-22116)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.04:
  rabbitmq-server 3.8.9-2ubuntu0.1
Ubuntu 20.10:
  rabbitmq-server 3.8.5-1ubuntu0.2
Ubuntu 20.04 LTS:
  rabbitmq-server 3.8.2-0ubuntu1.3
Ubuntu 18.04 LTS:
  rabbitmq-server 3.6.10-1ubuntu0.5
Ubuntu 16.04 ESM:
  rabbitmq-server 3.5.7-1ubuntu0.16.04.4+esm1
In general, a standard system update will make all the necessary changes.
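A host-side check against the fixed versions listed above, added here as an example and not part of the notice. The function names are hypothetical, and the release is assumed to come from VERSION_ID in /etc/os-release; the version ordering is delegated to dpkg.

```shell
#!/bin/sh
# Added example: compare an installed rabbitmq-server version with the fixed
# version USN-5004-1 lists for an Ubuntu release. Function names are hypothetical.

# Fixed versions copied from the notice, keyed by Ubuntu VERSION_ID.
fixed_version() {
    case "$1" in
        21.04) echo "3.8.9-2ubuntu0.1" ;;
        20.10) echo "3.8.5-1ubuntu0.2" ;;
        20.04) echo "3.8.2-0ubuntu1.3" ;;
        18.04) echo "3.6.10-1ubuntu0.5" ;;
        16.04) echo "3.5.7-1ubuntu0.16.04.4+esm1" ;;
        *) return 1 ;;
    esac
}

# usn_5004_status RELEASE INSTALLED_VERSION
# Prints "patched", "vulnerable" or "unknown-release".
usn_5004_status() {
    fixed=$(fixed_version "$1") || { echo "unknown-release"; return 0; }
    # dpkg applies Debian version ordering, so suffixes such as "+esm1"
    # are ranked correctly instead of being compared as plain strings.
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# check_local: read this host's release and the package state dpkg records.
check_local() {
    release=$(. /etc/os-release && echo "$VERSION_ID")
    state=$(dpkg-query -W -f='${db:Status-Status} ${Version}' \
        rabbitmq-server 2>/dev/null) || state=""
    case "$state" in
        # Only a fully installed package is compared; removed packages with
        # leftover configuration are reported as not installed.
        "installed "*) usn_5004_status "$release" "${state#installed }" ;;
        *) echo "not-installed" ;;
    esac
}
```

Source the file and run `check_local` on the host, or call `usn_5004_status` with a release and version taken from an inventory.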
References:
https://ubuntu.com/security/notices/USN-5004-1
CVE-2019-11287, CVE-2021-22116
Package Information:
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.9-2ubuntu0.1
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.5-1ubuntu0.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.2-0ubuntu1.3
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.6.10-1ubuntu0.5