==========================================================================
Ubuntu Security Notice USN-7143-1
December 09, 2024

rabbitmq-server vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

RabbitMQ Server could be made to expose sensitive information over the
network.

Software Description:
- rabbitmq-server: AMQP server written in Erlang

Details:

Christian Rellmann discovered that RabbitMQ Server did not properly
sanitize user input when adding a new user via the management UI. An
attacker could possibly use this issue to perform cross site scripting and
obtain sensitive information. (CVE-2021-32718)

Fahimhusain Raydurg discovered that RabbitMQ Server did not properly
sanitize user input when using the federation management plugin. An
attacker could possibly use this issue to perform cross site scripting and
obtain sensitive information. (CVE-2021-32719)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  rabbitmq-server                 3.8.3-0ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7143-1
  CVE-2021-32718, CVE-2021-32719

Package Information:
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.3-0ubuntu0.2
