SUSE-FU-2024:2078-1

Source
https://www.suse.com/support/update/announcement/2024/suse-fu-20242078-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-FU-2024:2078-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-FU-2024:2078-1
Published
2024-06-19T03:36:36Z
Modified
2024-06-19T03:36:36Z
Summary
Feature update for rabbitmq-server313, erlang26, elixir115
Details

This update for rabbitmq-server313, erlang26, elixir115 fixes the following issues:

rabbitmq-server was implemented with a parallel versioned RPM package at version 3.13.1 (jsc#PED-8414):

  • Security issues fixed:

    • CVE-2021-22116: Fixed improper input validation that may lead to Denial of Service (DoS) attacks (bsc#1186203)
    • CVE-2021-32718, CVE-2021-32719: Fixed potential for JavaScript code execution in the management UI (bsc#1187818, bsc#1187819)
    • CVE-2022-31008: Fixed the encryption key used to encrypt the URI being seeded with a predictable secret (bsc#1205267)
    • CVE-2023-46118: Fixed HTTP API vulnerability to denial of service (DoS) attacks with very large messages (bsc#1216582)
  • Other bugs fixed:

    • Fixed RabbitMQ maintenance status issue (bsc#1199431)
    • Provide user/group for RPM 4.19 (bsc#1219532)
    • Fixed rabbitmqctl command for add_user (bsc#1222591)
    • Added hardening to systemd service(s) (bsc#1181400)
    • Use /run instead of deprecated /var/run in tmpfiles.conf (bsc#1185075)
  • For the full list of upstream changes of this update between version 3.8.11 and 3.13.1 please consult:

    • https://www.rabbitmq.com/release-information

erlang26:

  • Provide RPM package as it's a dependency of rabbitmq-server313 (jsc#PED-8414)

elixir115:

  • Provide RPM package as needed in some cases by rabbitmq-server313 (jsc#PED-8414)
Affected packages

SUSE:Linux Enterprise Module for Server Applications 15 SP6 / elixir115

Package

Name
elixir115
Purl
pkg:rpm/suse/elixir115&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.15.7-150300.7.5.1

Ecosystem specific

{
    "binaries": [
        {
            "erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
            "erlang26-epmd": "26.2.1-150300.7.5.1",
            "elixir115": "1.15.7-150300.7.5.1",
            "rabbitmq-server313": "3.13.1-150600.13.5.3",
            "rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
            "erlang26": "26.2.1-150300.7.5.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP6 / erlang26

Package

Name
erlang26
Purl
pkg:rpm/suse/erlang26&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
26.2.1-150300.7.5.1

Ecosystem specific

{
    "binaries": [
        {
            "erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
            "erlang26-epmd": "26.2.1-150300.7.5.1",
            "elixir115": "1.15.7-150300.7.5.1",
            "rabbitmq-server313": "3.13.1-150600.13.5.3",
            "rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
            "erlang26": "26.2.1-150300.7.5.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP6 / rabbitmq-server313

Package

Name
rabbitmq-server313
Purl
pkg:rpm/suse/rabbitmq-server313&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.13.1-150600.13.5.3

Ecosystem specific

{
    "binaries": [
        {
            "erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
            "erlang26-epmd": "26.2.1-150300.7.5.1",
            "elixir115": "1.15.7-150300.7.5.1",
            "rabbitmq-server313": "3.13.1-150600.13.5.3",
            "rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
            "erlang26": "26.2.1-150300.7.5.1"
        }
    ]
}

openSUSE:Leap 15.6 / elixir115

Package

Name
elixir115
Purl
pkg:rpm/opensuse/elixir115&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.15.7-150300.7.5.1

Ecosystem specific

{
    "binaries": [
        {
            "erlang26-dialyzer-src": "26.2.1-150300.7.5.1",
            "erlang26-epmd": "26.2.1-150300.7.5.1",
            "erlang26-jinterface-src": "26.2.1-150300.7.5.1",
            "erlang26-reltool": "26.2.1-150300.7.5.1",
            "erlang26": "26.2.1-150300.7.5.1",
            "erlang26-et": "26.2.1-150300.7.5.1",
            "erlang26-debugger": "26.2.1-150300.7.5.1",
            "erlang26-dialyzer": "26.2.1-150300.7.5.1",
            "erlang26-jinterface": "26.2.1-150300.7.5.1",
            "elixir115": "1.15.7-150300.7.5.1",
            "rabbitmq-server313": "3.13.1-150600.13.5.3",
            "rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
            "erlang26-observer-src": "26.2.1-150300.7.5.1",
            "elixir115-doc": "1.15.7-150300.7.5.1",
            "erlang26-wx": "26.2.1-150300.7.5.1",
            "erlang26-reltool-src": "26.2.1-150300.7.5.1",
            "erlang26-debugger-src": "26.2.1-150300.7.5.1",
            "erlang26-observer": "26.2.1-150300.7.5.1",
            "erlang26-doc": "26.2.1-150300.7.5.1",
            "erlang26-src": "26.2.1-150300.7.5.1",
            "erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
            "erlang26-diameter": "26.2.1-150300.7.5.1",
            "erlang26-wx-src": "26.2.1-150300.7.5.1",
            "erlang26-diameter-src": "26.2.1-150300.7.5.1",
            "erlang26-et-src": "26.2.1-150300.7.5.1"
        }
    ]
}

openSUSE:Leap 15.6 / erlang26

Package

Name
erlang26
Purl
pkg:rpm/opensuse/erlang26&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
26.2.1-150300.7.5.1

Ecosystem specific

{
    "binaries": [
        {
            "erlang26-dialyzer-src": "26.2.1-150300.7.5.1",
            "erlang26-epmd": "26.2.1-150300.7.5.1",
            "erlang26-jinterface-src": "26.2.1-150300.7.5.1",
            "erlang26-reltool": "26.2.1-150300.7.5.1",
            "erlang26": "26.2.1-150300.7.5.1",
            "erlang26-et": "26.2.1-150300.7.5.1",
            "erlang26-debugger": "26.2.1-150300.7.5.1",
            "erlang26-dialyzer": "26.2.1-150300.7.5.1",
            "erlang26-jinterface": "26.2.1-150300.7.5.1",
            "elixir115": "1.15.7-150300.7.5.1",
            "rabbitmq-server313": "3.13.1-150600.13.5.3",
            "rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
            "erlang26-observer-src": "26.2.1-150300.7.5.1",
            "elixir115-doc": "1.15.7-150300.7.5.1",
            "erlang26-wx": "26.2.1-150300.7.5.1",
            "erlang26-reltool-src": "26.2.1-150300.7.5.1",
            "erlang26-debugger-src": "26.2.1-150300.7.5.1",
            "erlang26-observer": "26.2.1-150300.7.5.1",
            "erlang26-doc": "26.2.1-150300.7.5.1",
            "erlang26-src": "26.2.1-150300.7.5.1",
            "erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
            "erlang26-diameter": "26.2.1-150300.7.5.1",
            "erlang26-wx-src": "26.2.1-150300.7.5.1",
            "erlang26-diameter-src": "26.2.1-150300.7.5.1",
            "erlang26-et-src": "26.2.1-150300.7.5.1"
        }
    ]
}

openSUSE:Leap 15.6 / rabbitmq-server313

Package

Name
rabbitmq-server313
Purl
pkg:rpm/opensuse/rabbitmq-server313&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.13.1-150600.13.5.3

Ecosystem specific

{
    "binaries": [
        {
            "erlang26-dialyzer-src": "26.2.1-150300.7.5.1",
            "erlang26-epmd": "26.2.1-150300.7.5.1",
            "erlang26-jinterface-src": "26.2.1-150300.7.5.1",
            "erlang26-reltool": "26.2.1-150300.7.5.1",
            "erlang26": "26.2.1-150300.7.5.1",
            "erlang26-et": "26.2.1-150300.7.5.1",
            "erlang26-debugger": "26.2.1-150300.7.5.1",
            "erlang26-dialyzer": "26.2.1-150300.7.5.1",
            "erlang26-jinterface": "26.2.1-150300.7.5.1",
            "elixir115": "1.15.7-150300.7.5.1",
            "rabbitmq-server313": "3.13.1-150600.13.5.3",
            "rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
            "erlang26-observer-src": "26.2.1-150300.7.5.1",
            "elixir115-doc": "1.15.7-150300.7.5.1",
            "erlang26-wx": "26.2.1-150300.7.5.1",
            "erlang26-reltool-src": "26.2.1-150300.7.5.1",
            "erlang26-debugger-src": "26.2.1-150300.7.5.1",
            "erlang26-observer": "26.2.1-150300.7.5.1",
            "erlang26-doc": "26.2.1-150300.7.5.1",
            "erlang26-src": "26.2.1-150300.7.5.1",
            "erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
            "erlang26-diameter": "26.2.1-150300.7.5.1",
            "erlang26-wx-src": "26.2.1-150300.7.5.1",
            "erlang26-diameter-src": "26.2.1-150300.7.5.1",
            "erlang26-et-src": "26.2.1-150300.7.5.1"
        }
    ]
}