SUSE-SU-2025:03234-1

Опубликовано: 15 сент. 2025

Источник: suse-cvrf

Описание

Security update for rabbitmq-server313

This update for rabbitmq-server313 fixes the following issues:

CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request (bsc#1245105)
Fixed bad logrotate configuration allowing potential escalation from rabbitmq to root (bsc#1246091)

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP6

erlang-rabbitmq-client313-3.13.1-150600.13.11.1

rabbitmq-server313-3.13.1-150600.13.11.1

rabbitmq-server313-plugins-3.13.1-150600.13.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP7

erlang-rabbitmq-client313-3.13.1-150600.13.11.1

rabbitmq-server313-3.13.1-150600.13.11.1

rabbitmq-server313-bash-completion-3.13.1-150600.13.11.1

rabbitmq-server313-plugins-3.13.1-150600.13.11.1

rabbitmq-server313-zsh-completion-3.13.1-150600.13.11.1

openSUSE Leap 15.6

erlang-rabbitmq-client313-3.13.1-150600.13.11.1

rabbitmq-server313-3.13.1-150600.13.11.1

rabbitmq-server313-plugins-3.13.1-150600.13.11.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202503234-1/
Link for SUSE-SU-2025:03234-1
https://lists.suse.com/pipermail/sle-updates/2025-September/041709.html
E-Mail link for SUSE-SU-2025:03234-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1245105
SUSE Bug 1245105
https://bugzilla.suse.com/1246091
SUSE Bug 1246091
https://www.suse.com/security/cve/CVE-2025-50200/
SUSE CVE CVE-2025-50200 page

Описание

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP6:erlang-rabbitmq-client313-3.13.1-150600.13.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP6:rabbitmq-server313-3.13.1-150600.13.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP6:rabbitmq-server313-plugins-3.13.1-150600.13.11.1

SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang-rabbitmq-client313-3.13.1-150600.13.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-50200.html
CVE-2025-50200
https://bugzilla.suse.com/1245105
SUSE Bug 1245105

SUSE-SU-2025:03234-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP6

SUSE Linux Enterprise Module for Server Applications 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-50200

Описание

Затронутые продукты

Ссылки