------------------------------------------------------------------------- Debian LTS Advisory DLA-3687-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany December 13, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : rabbitmq-server Version : 3.8.2-1+deb10u2 CVE ID : CVE-2023-46118 Debian Bug : 1056723 RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages by an authenticated user with sufficient credentials. For Debian 10 buster, this problem has been fixed in version 3.8.2-1+deb10u2. We recommend that you upgrade your rabbitmq-server packages. For the detailed security status of rabbitmq-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rabbitmq-server Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part