SUSE-FU-2024:2078-1
Vulnerability Summary
Description
Feature update for rabbitmq-server313, erlang26, elixir115

This update for rabbitmq-server313, erlang26, elixir115 fixes the following issues:

rabbitmq-server was implemented with a parallel versioned RPM package at version 3.13.1 (jsc#PED-8414):

- Security issues fixed:
  * CVE-2021-22116: Fixed improper input validation that may lead to Denial of Service (DoS) attacks (bsc#1186203)
  * CVE-2021-32718, CVE-2021-32719: Fixed potential for JavaScript code execution in the management UI (bsc#1187818, bsc#1187819)
  * CVE-2022-31008: Fixed encryption key used to encrypt the URI was seeded with a predictable secret (bsc#1205267)
  * CVE-2023-46118: Fixed HTTP API vulnerability for denial of service (DoS) attacks with very large messages (bsc#1216582)

- Other bugs fixed:
  * Fixed RabbitMQ maintenance status issue (bsc#1199431)
  * Provide user/group for RPM 4.19 (bsc#1219532)
  * Fixed `rabbitmqctl` command for `add_user` (bsc#1222591)
  * Added hardening to systemd service(s) (bsc#1181400)
  * Use /run instead of deprecated /var/run in tmpfiles.conf (bsc#1185075)

- For the full list of upstream changes of this update between version 3.8.11 and 3.13.1 please consult:
  * https://www.rabbitmq.com/release-information

erlang26:

- Provide RPM package as it's a dependency of rabbitmq-server313 (jsc#PED-8414)

elixir115:

- Provide RPM package as needed in some cases by rabbitmq-server313 (jsc#PED-8414)
Affected Systems
- opensuse•elixir115&distro=openSUSE Leap 15.6
< 1.15.7-150300.7.5.1
- opensuse•erlang26&distro=openSUSE Leap 15.6
< 26.2.1-150300.7.5.1
- opensuse•rabbitmq-server313&distro=openSUSE Leap 15.6
< 3.13.1-150600.13.5.3
- suse•elixir115&distro=SUSE Linux Enterprise Module for Server Applications 15 SP6
< 1.15.7-150300.7.5.1
- suse•erlang26&distro=SUSE Linux Enterprise Module for Server Applications 15 SP6
< 26.2.1-150300.7.5.1
- suse•rabbitmq-server313&distro=SUSE Linux Enterprise Module for Server Applications 15 SP6
< 3.13.1-150600.13.5.3
References (16)
- https://www.suse.com/support/update/announcement/-2024-2078/suse-fu-20242078-1/
- https://bugzilla.suse.com/1181400
- https://bugzilla.suse.com/1185075
- https://bugzilla.suse.com/1186203
- https://bugzilla.suse.com/1187818
- https://bugzilla.suse.com/1187819
- https://bugzilla.suse.com/1199431
- https://bugzilla.suse.com/1205267
- https://bugzilla.suse.com/1216582
- https://bugzilla.suse.com/1219532
- https://bugzilla.suse.com/1222591
- https://www.suse.com/security/cve/CVE-2021-22116
- https://www.suse.com/security/cve/CVE-2021-32718
- https://www.suse.com/security/cve/CVE-2021-32719
- https://www.suse.com/security/cve/CVE-2022-31008
- https://www.suse.com/security/cve/CVE-2023-46118