Description
Security update for rabbitmq-server
This update for rabbitmq-server fixes the following issues:
- CVE-2023-46118: Introduce HTTP request body limit for definition uploads (bsc#1216582).
Package list
SUSE Linux Enterprise Module for Server Applications 15 SP4
erlang-rabbitmq-client-3.8.11-150300.3.14.1
rabbitmq-server-3.8.11-150300.3.14.1
rabbitmq-server-plugins-3.8.11-150300.3.14.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
erlang-rabbitmq-client-3.8.11-150300.3.14.1
rabbitmq-server-3.8.11-150300.3.14.1
rabbitmq-server-plugins-3.8.11-150300.3.14.1
openSUSE Leap 15.4
erlang-rabbitmq-client-3.8.11-150300.3.14.1
rabbitmq-server-3.8.11-150300.3.14.1
rabbitmq-server-plugins-3.8.11-150300.3.14.1
openSUSE Leap 15.5
erlang-rabbitmq-client-3.8.11-150300.3.14.1
rabbitmq-server-3.8.11-150300.3.14.1
rabbitmq-server-plugins-3.8.11-150300.3.14.1
References
- Link for SUSE-SU-2023:4939-1
- E-Mail link for SUSE-SU-2023:4939-1
- SUSE Security Ratings
- SUSE Bug 1216582
- SUSE CVE CVE-2023-46118 page
Description
RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API and cause the target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP4:erlang-rabbitmq-client-3.8.11-150300.3.14.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:rabbitmq-server-3.8.11-150300.3.14.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:rabbitmq-server-plugins-3.8.11-150300.3.14.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:erlang-rabbitmq-client-3.8.11-150300.3.14.1
References
- CVE-2023-46118
- SUSE Bug 1216582