RHSA-2017:0533 - Security Advisory
Moderate: rabbitmq-server security update
Security Advisory: Moderate
An update for rabbitmq-server is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker.
- A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large. (CVE-2015-8786)
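A log check for the parameters named above, as an added example that is not code from Red Hat or the RabbitMQ project. It assumes the management API's HTTP requests are available in Common Log Format (from the plugin's own request log or a reverse proxy), and `MAX_VALUE` is a site-chosen ceiling, not a bound taken from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory (CVE-2015-8786).
WATCHED = {"lengths_age", "lengths_incr"}
# Assumed site-chosen ceiling; the advisory does not give a safe bound.
MAX_VALUE = 86400
# Assumed Common Log Format: client ident user [time] "METHOD target HTTP/x" ...
CLF_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]*\] "[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation addresses, made-up users).
SAMPLE_LOG = [
    '192.0.2.10 - monitor [12/Mar/2017:10:00:01 +0000] "GET /api/queues?lengths_age=60&lengths_incr=5 HTTP/1.1" 200 5120',
    '192.0.2.44 - ops [12/Mar/2017:10:00:07 +0000] "GET /api/overview?lengths_age=9999999999&lengths_incr=1 HTTP/1.1" 200 812',
    '192.0.2.44 - ops [12/Mar/2017:10:00:09 +0000] "GET /api/queues?lengths_age=60&lengths_incr=abc HTTP/1.1" 400 90',
]

def exceeds(raw, limit):
    """True if raw is not a plain decimal integer or is larger than limit."""
    if not re.fullmatch(r"[0-9]+", raw):
        return True
    digits = raw.lstrip("0") or "0"
    # Compare lengths first so an absurdly long digit string is never
    # converted (int() rejects very long strings on recent Python versions).
    return len(digits) > len(str(limit)) or int(digits) > limit

def suspicious_params(line, limit=MAX_VALUE):
    """Return (client, user, param, raw_value) for each watched parameter
    in one log line whose value is malformed or above limit."""
    m = CLF_RE.match(line)
    if not m:
        return []
    client, user, target = m.groups()
    # parse_qsl percent-decodes names, so encoded spellings are still matched.
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [(client, user, name, raw) for name, raw in pairs
            if name in WATCHED and exceeds(raw, limit)]

def scan(lines, limit=MAX_VALUE):
    """Collect findings across an iterable of log lines."""
    return [hit for line in lines for hit in suspicious_params(line, limit)]

if __name__ == "__main__":
    for client, user, name, raw in scan(SAMPLE_LOG):
        print(f"{client} user={user} {name}={raw[:32]}")
```

Because the flaw requires an authenticated user, the reported user field identifies which management account sent the request.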
For details on how to apply this update, which includes the changes described in this advisory, refer to:
- Red Hat OpenStack 5.0 for RHEL 6 x86_64
- BZ - 1404150 - CVE-2015-8786 rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin