This bug was fixed in the package rabbitmq-server -
3.5.7-1ubuntu0.16.04.2
---------------
rabbitmq-server (3.5.7-1ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: authentication bypass (LP: #1706900)
- debian/patches/CVE-2016-9877.patch: fix password check in
plugins-src/rabbitmq-mqtt/src/rabbit_mqtt_processor.erl, add test to
plugins-src/rabbitmq-mqtt/test/src/com/rabbitmq/mqtt/test/MqttTest.java,
fix URL in plugins-src/rabbitmq-mqtt/test/Makefile.
- CVE-2016-9877
-- Marc Deslauriers <[email protected]> Thu, 27 Jul 2017
14:36:17 -0400
** Changed in: rabbitmq-server (Ubuntu Xenial)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1706900
Title:
CVE-2016-9877 RabbitMQ authentication vulnerability
To manage notifications about this bug go to:
https://bugs.launchpad.net/rabbitmq/+bug/1706900/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
