Monday, March 31, 2025

[USN-7399-1] RabbitMQ Server vulnerability

==========================================================================
Ubuntu Security Notice USN-7399-1
March 31, 2025

rabbitmq-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

RabbitMQ Server's management UI could be made to run code via
cross-site scripting (XSS).

Software Description:
- rabbitmq-server: AMQP server written in Erlang

Details:

It was discovered that RabbitMQ Server's management UI did not sanitize
certain input. An attacker could possibly use this issue to inject code
by performing a cross-site scripting (XSS) attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  rabbitmq-server                 3.12.1-1ubuntu2.1

Ubuntu 24.04 LTS
  rabbitmq-server                 3.12.1-1ubuntu1.2

Ubuntu 22.04 LTS
  rabbitmq-server                 3.9.27-0ubuntu0.2

Ubuntu 20.04 LTS
  rabbitmq-server                 3.8.3-0ubuntu0.3

After a standard system update you need to restart RabbitMQ Server to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7399-1
  CVE-2025-30219

Package Information:
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu2.1
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.9.27-0ubuntu0.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.3-0ubuntu0.3
