- Issued:
- 2017-03-15
- Updated:
- 2017-03-15
RHSA-2017:0530 - Security Advisory
Synopsis
Moderate: rabbitmq-server security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for rabbitmq-server is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker.
Security Fix(es):
- A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large. (CVE-2015-8786)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat OpenStack 7 x86_64
Fixes
- BZ - 1404150 - CVE-2015-8786 rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin
- BZ - 1405211 - RabbitMQ logs are not rotated properly
CVEs
Red Hat OpenStack 7
| SRPM | |
|---|---|
| rabbitmq-server-3.3.5-31.el7ost.src.rpm | SHA-256: fc73c8b71b012c940f5eda70856f57c2942508b0520b892b9f759b773061722b |
| x86_64 | |
| rabbitmq-server-3.3.5-31.el7ost.noarch.rpm | SHA-256: c199e14bb5ce2f85c6b9448873ac7dc004eb89f330ee7873cbd82cc1dc525a6d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
