SUSE-FU-2024:2078-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-fu-20242078-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-FU-2024:2078-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-FU-2024:2078-1
- Upstream
- Related
- Published
- 2024-06-19T03:36:36Z
- Modified
- 2025-05-02T04:10:32.346233Z
- Summary
- Feature update for rabbitmq-server313, erlang26, elixir115
- Details
-
This update for rabbitmq-server313, erlang26, elixir115 fixes the following issues:
rabbitmq-server was implemented with a parallel versioned RPM package at version 3.13.1 (jsc#PED-8414):
Security issues fixed:
- CVE-2021-22116: Fixed improper input validation that may lead to Denial of Sercice (DoS) attacks (bsc#1186203)
- CVE-2021-32718, CVE-2021-32719: Fixed potential for JavaScript code execution in the management UI (bsc#1187818, bsc#1187819)
- CVE-2022-31008: Fixed encryption key used to encrypt the URI was seeded with a predictable secret (bsc#1205267)
- CVE-2023-46118: Fixed HTTP API vulnerability for denial of service (DoS) attacks with very large messages (bsc#1216582)
Other bugs fixed:
- Fixed RabbitMQ maintenance status issue (bsc#1199431)
- Provide user/group for RPM 4.19 (bsc#1219532)
- Fixed
rabbitmqctlcommand foradd_user(bsc#1222591) - Added hardening to systemd service(s) (bsc#1181400)
- Use /run instead of deprecated /var/run in tmpfiles.conf (bsc#1185075)
For the full list of upstream changes of this update between version 3.8.11 and 3.13.1 please consult:
- https://www.rabbitmq.com/release-information
erlang26:
- Provide RPM package as it's a dependency of rabbitmq-server313 (jsc#PED-8414)
elixir115:
- Provide RPM package as needed in some cases by rabbitmq-server313 (jsc#PED-8414)
- References
-
- https://www.suse.com/support/update/announcement/-2024-2078/suse-fu-20242078-1/
- https://bugzilla.suse.com/1181400
- https://bugzilla.suse.com/1185075
- https://bugzilla.suse.com/1186203
- https://bugzilla.suse.com/1187818
- https://bugzilla.suse.com/1187819
- https://bugzilla.suse.com/1199431
- https://bugzilla.suse.com/1205267
- https://bugzilla.suse.com/1216582
- https://bugzilla.suse.com/1219532
- https://bugzilla.suse.com/1222591
- https://www.suse.com/security/cve/CVE-2021-22116
- https://www.suse.com/security/cve/CVE-2021-32718
- https://www.suse.com/security/cve/CVE-2021-32719
- https://www.suse.com/security/cve/CVE-2022-31008
- https://www.suse.com/security/cve/CVE-2023-46118
Affected packages
openSUSE:Leap 15.6
elixir115
Package
- Name
- elixir115
- Purl
- pkg:rpm/opensuse/elixir115&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.15.7-150300.7.5.1
Ecosystem specific
{
"binaries": [
{
"elixir115-doc": "1.15.7-150300.7.5.1",
"erlang26-wx-src": "26.2.1-150300.7.5.1",
"erlang26-observer": "26.2.1-150300.7.5.1",
"erlang26-reltool-src": "26.2.1-150300.7.5.1",
"erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
"erlang26-et-src": "26.2.1-150300.7.5.1",
"rabbitmq-server313": "3.13.1-150600.13.5.3",
"erlang26-debugger": "26.2.1-150300.7.5.1",
"erlang26-observer-src": "26.2.1-150300.7.5.1",
"erlang26-epmd": "26.2.1-150300.7.5.1",
"erlang26-diameter": "26.2.1-150300.7.5.1",
"erlang26-jinterface": "26.2.1-150300.7.5.1",
"erlang26-wx": "26.2.1-150300.7.5.1",
"erlang26-doc": "26.2.1-150300.7.5.1",
"elixir115": "1.15.7-150300.7.5.1",
"erlang26-jinterface-src": "26.2.1-150300.7.5.1",
"erlang26-src": "26.2.1-150300.7.5.1",
"rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
"erlang26-dialyzer-src": "26.2.1-150300.7.5.1",
"erlang26-diameter-src": "26.2.1-150300.7.5.1",
"erlang26-reltool": "26.2.1-150300.7.5.1",
"erlang26-dialyzer": "26.2.1-150300.7.5.1",
"erlang26-et": "26.2.1-150300.7.5.1",
"erlang26": "26.2.1-150300.7.5.1",
"erlang26-debugger-src": "26.2.1-150300.7.5.1"
}
]
}erlang26
Package
- Name
- erlang26
- Purl
- pkg:rpm/opensuse/erlang26&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed26.2.1-150300.7.5.1
Ecosystem specific
{
"binaries": [
{
"elixir115-doc": "1.15.7-150300.7.5.1",
"erlang26-wx-src": "26.2.1-150300.7.5.1",
"erlang26-observer": "26.2.1-150300.7.5.1",
"erlang26-reltool-src": "26.2.1-150300.7.5.1",
"erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
"erlang26-et-src": "26.2.1-150300.7.5.1",
"rabbitmq-server313": "3.13.1-150600.13.5.3",
"erlang26-debugger": "26.2.1-150300.7.5.1",
"erlang26-observer-src": "26.2.1-150300.7.5.1",
"erlang26-epmd": "26.2.1-150300.7.5.1",
"erlang26-diameter": "26.2.1-150300.7.5.1",
"erlang26-jinterface": "26.2.1-150300.7.5.1",
"erlang26-wx": "26.2.1-150300.7.5.1",
"erlang26-doc": "26.2.1-150300.7.5.1",
"elixir115": "1.15.7-150300.7.5.1",
"erlang26-jinterface-src": "26.2.1-150300.7.5.1",
"erlang26-src": "26.2.1-150300.7.5.1",
"rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
"erlang26-dialyzer-src": "26.2.1-150300.7.5.1",
"erlang26-diameter-src": "26.2.1-150300.7.5.1",
"erlang26-reltool": "26.2.1-150300.7.5.1",
"erlang26-dialyzer": "26.2.1-150300.7.5.1",
"erlang26-et": "26.2.1-150300.7.5.1",
"erlang26": "26.2.1-150300.7.5.1",
"erlang26-debugger-src": "26.2.1-150300.7.5.1"
}
]
}rabbitmq-server313
Package
- Name
- rabbitmq-server313
- Purl
- pkg:rpm/opensuse/rabbitmq-server313&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.13.1-150600.13.5.3
Ecosystem specific
{
"binaries": [
{
"elixir115-doc": "1.15.7-150300.7.5.1",
"erlang26-wx-src": "26.2.1-150300.7.5.1",
"erlang26-observer": "26.2.1-150300.7.5.1",
"erlang26-reltool-src": "26.2.1-150300.7.5.1",
"erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
"erlang26-et-src": "26.2.1-150300.7.5.1",
"rabbitmq-server313": "3.13.1-150600.13.5.3",
"erlang26-debugger": "26.2.1-150300.7.5.1",
"erlang26-observer-src": "26.2.1-150300.7.5.1",
"erlang26-epmd": "26.2.1-150300.7.5.1",
"erlang26-diameter": "26.2.1-150300.7.5.1",
"erlang26-jinterface": "26.2.1-150300.7.5.1",
"erlang26-wx": "26.2.1-150300.7.5.1",
"erlang26-doc": "26.2.1-150300.7.5.1",
"elixir115": "1.15.7-150300.7.5.1",
"erlang26-jinterface-src": "26.2.1-150300.7.5.1",
"erlang26-src": "26.2.1-150300.7.5.1",
"rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
"erlang26-dialyzer-src": "26.2.1-150300.7.5.1",
"erlang26-diameter-src": "26.2.1-150300.7.5.1",
"erlang26-reltool": "26.2.1-150300.7.5.1",
"erlang26-dialyzer": "26.2.1-150300.7.5.1",
"erlang26-et": "26.2.1-150300.7.5.1",
"erlang26": "26.2.1-150300.7.5.1",
"erlang26-debugger-src": "26.2.1-150300.7.5.1"
}
]
}SUSE:Linux Enterprise Module for Server Applications 15 SP6
elixir115
Package
- Name
- elixir115
- Purl
- pkg:rpm/suse/elixir115&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.15.7-150300.7.5.1
Ecosystem specific
{
"binaries": [
{
"erlang26": "26.2.1-150300.7.5.1",
"erlang26-epmd": "26.2.1-150300.7.5.1",
"erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
"elixir115": "1.15.7-150300.7.5.1",
"rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
"rabbitmq-server313": "3.13.1-150600.13.5.3"
}
]
}erlang26
Package
- Name
- erlang26
- Purl
- pkg:rpm/suse/erlang26&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed26.2.1-150300.7.5.1
Ecosystem specific
{
"binaries": [
{
"erlang26": "26.2.1-150300.7.5.1",
"erlang26-epmd": "26.2.1-150300.7.5.1",
"erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
"elixir115": "1.15.7-150300.7.5.1",
"rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
"rabbitmq-server313": "3.13.1-150600.13.5.3"
}
]
}rabbitmq-server313
Package
- Name
- rabbitmq-server313
- Purl
- pkg:rpm/suse/rabbitmq-server313&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.13.1-150600.13.5.3
Ecosystem specific
{
"binaries": [
{
"erlang26": "26.2.1-150300.7.5.1",
"erlang26-epmd": "26.2.1-150300.7.5.1",
"erlang-rabbitmq-client313": "3.13.1-150600.13.5.3",
"elixir115": "1.15.7-150300.7.5.1",
"rabbitmq-server313-plugins": "3.13.1-150600.13.5.3",
"rabbitmq-server313": "3.13.1-150600.13.5.3"
}
]
}