Description
Security update for rabbitmq-server
This update for rabbitmq-server fixes the following issue:
- CVE-2016-9877: An issue in Pivotal RabbitMQ caused connection authentication with a username/password pair to succeed if an existing username was provided but the password was omitted from the connection request. Connections that use TLS with a client-provided certificate were not affected (bsc#1017642).
Package list
openSUSE Leap 42.2
erlang-rabbitmq-client-3.5.8-3.2
rabbitmq-server-3.5.8-3.2
rabbitmq-server-plugins-3.5.8-3.2
References
- E-Mail link for openSUSE-SU-2017:0306-1
- SUSE Security Ratings
Description
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Affected products
openSUSE Leap 42.2:erlang-rabbitmq-client-3.5.8-3.2
openSUSE Leap 42.2:rabbitmq-server-3.5.8-3.2
openSUSE Leap 42.2:rabbitmq-server-plugins-3.5.8-3.2
References
- CVE-2016-9877
- SUSE Bug 1017642