
Security: Two problems in RabbitMQ
Name: Two problems in RabbitMQ
ID: USN-7143-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS
Date: Tue, 10 December 2024, 06:54
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32718
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.3-0ubuntu0.2
Applications: RabbitMQ

Original message

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
From: Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <0217c8a6-b9b0-47b3-97af-8f0430b1a1fe@canonical.com>
Subject: [USN-7143-1] RabbitMQ Server vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7143-1
December 09, 2024

rabbitmq-server vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

RabbitMQ Server could be made to expose sensitive information over the
network.

Software Description:
- rabbitmq-server: AMQP server written in Erlang

Details:

Christian Rellmann discovered that RabbitMQ Server did not properly
sanitize user input when adding a new user via the management UI. An
attacker could possibly use this issue to perform cross site scripting and
obtain sensitive information. (CVE-2021-32718)

Fahimhusain Raydurg discovered that RabbitMQ Server did not properly
sanitize user input when using the federation management plugin. An
attacker could possibly use this issue to perform cross site scripting and
obtain sensitive information. (CVE-2021-32719)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  rabbitmq-server                 3.8.3-0ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7143-1
  CVE-2021-32718, CVE-2021-32719

Package Information:
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.3-0ubuntu0.2
