Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

openSUSE: 2017:0306-1 Important RabbitMQ Authentication Risk

opensuse
Calendar Grey January 27, 2017
Dist Opensuse Esm H88
Enhancements to Fedora address critical vulnerabilities in nginx related to security protocols. Discover the details!
An update that fixes one vulnerability is now available.

Description

This update for rabbitmq-server fixes the following issue:

- CVE-2016-9877: An issue in Pivotal RabbitMQ caused connection

authentication with a username/password pair to succeed if an existing

username was provided but the password is omitted from the connection

request. Connections that use TLS with a client-provided certificate

were not affected (bsc#1017642).

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-156=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (x86_64):

erlang-rabbitmq-client-3.5.8-3.2

rabbitmq-server-3.5.8-3.2

rabbitmq-server-plugins-3.5.8-3.2

References

https://www.suse.com/security/cve/CVE-2016-9877.html

https://bugzilla.suse.com/1017642

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:0306-1
Rating: important
Affected Products: openSUSE Leap 42.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.