Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 0 articles for you...
100

SUSE Linux Server 15 SP7: 2025:01548-1 moderate: rabbitmq-server313 XSS

* bsc#1231656 * bsc#1234763 * bsc#1240071 Cross-References: . # Security update for rabbitmq-server313 Announcement ID: SUSE-SU-2025:01548-1 Release Date: 2025-06-11T12:47:31Z Rating: moderate References: * bsc#1231656 * bsc#1234763 * bsc#1240071 Cross-References: * CVE-2025-30219 CVSS scores: * CVE-2025-30219 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-30219 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2025-30219 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L Affected Products: * Server Applications Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for rabbitmq-server313 fixes the following issues: * CVE-2025-30219: incorrectly escaped virtual hostname present in error message could lead to XSS attack. (bsc#1240071) Non-security fixes: * Require rabbitmq-server313-plugins rather then rabbitmq-server-plugins. (bsc#1231656, bsc#1234763) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-1548=1 ## Package List: * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * rabbitmq-server313-3.13.1-150600.13.8.1 * rabbitmq-server313-plugins-3.13.1-150600.13.8.1 * erlang-rabbitmq-client313-3.13.1-150600.13.8.1 * Server Applications Module 15-SP7 (noarch) * rabbitmq-server313-bash-completion-3.13.1-150600.13.8.1 * rabbitmq-server313-zsh-completion-3.13.1-150600.13.8.1 ## References: * https://www.suse.com/security/cve/CVE-2025-30219.html *https://bugzilla.suse.com/show_bug.cgi?id=1231656 * https://bugzilla.suse.com/show_bug.cgi?id=1234763 * https://bugzilla.suse.com/show_bug.cgi?id=1240071 . The latest patch for rabbitmq-server313 mitigates an XSS vulnerability in SUSE Linux, categorized as moderate severity.. distributed server updates,rabbitmq security,SUSE patches,XSS vulnerabilities,server application fixes. . LinuxSecurity.com Team

Calendar%202 Jun 11, 2025 SuSE
87

Debian 11 DSA-5571-1: RabbitMQ Server Denial of Service Threat

It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5571-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff December 01, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rabbitmq-server CVE ID : CVE-2023-46118 It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service. For the oldstable distribution (bullseye), this problem has been fixed in version 3.8.9-3+deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 3.10.8-1.1+deb12u1. We recommend that you upgrade your rabbitmq-server packages. For the detailed security status of rabbitmq-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/rabbitmq-server Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Alert: RabbitMQ vulnerability detected, posing risks for input verification and potential downtime. Immediate action is recommended.. RabbitMQ Security Update, Debian DSA-5571-1, AMQP Protocol Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 01, 2023 Important Debian
172

Ubuntu 16.04 LTS USN-6265-1 Moderate: RabbitMQ Information Exposure

RabbitMQ could be made to expose sensitive information.. ========================================================================== Ubuntu Security Notice USN-6265-1 July 31, 2023 rabbitmq-server vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: RabbitMQ could be made to expose sensitive information. Software Description: - rabbitmq-server: AMQP server written in Erlang Details: It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials. An attacker could possibly use this issue to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS (Available with Ubuntu Pro): rabbitmq-server 3.5.7-1ubuntu0.16.04.4+esm2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6265-1 CVE-2017-4966 . Ubuntu USN-6270-1 addresses a critical vulnerability in the PostgreSQL database server that could lead to unauthorized data access.. RabbitMQ Information Exposure, Ubuntu Security Notice, Software Vulnerability. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 31, 2023 Important Ubuntu
100

SUSE Linux 15-SP3: 2021:3325-1 Moderate RabbitMQ DoS and XSS Fix

An update that solves three vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3325-1 Rating: moderate References: #1185075 #1186203 #1187818 #1187819 Cross-References: CVE-2021-22116 CVE-2021-32718 CVE-2021-32719 CVSS scores: CVE-2021-22116 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22116 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32718 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N CVE-2021-32719 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for rabbitmq-server fixes the following issues: - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI (bsc#1187818). - CVE-2021-32719: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in federation management plugin (bsc#1187819). - CVE-2021-22116: Fixed improper input validation may lead to DoS (bsc#1186203). - Use /run instead of /var/run in tmpfiles.d configuration (bsc#1185075). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3325=1 Package List: - SUSE LinuxEnterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): erlang-rabbitmq-client-3.8.11-3.3.3 rabbitmq-server-3.8.11-3.3.3 rabbitmq-server-plugins-3.8.11-3.3.3 References: https://www.suse.com/security/cve/CVE-2021-22116.html https://www.suse.com/security/cve/CVE-2021-32718.html https://www.suse.com/security/cve/CVE-2021-32719.html https://bugzilla.suse.com/1185075 https://bugzilla.suse.com/1186203 https://bugzilla.suse.com/1187818 https://bugzilla.suse.com/1187819 . A recent SUSE patch addresses various vulnerabilities found in rabbitmq-server, categorizing them as moderate risk. Implement the updates promptly.. SUSE Security Update,rabbitmq-server,server application fixes,security advisory. . LinuxSecurity.com Team

Calendar%202 Oct 09, 2021 SuSE
197

Ubuntu 20.04: ASA-5012-3 Urgent MySQL Server SQL Injection Vulnerabilities

Several vulnerabilities were discovered in rabbitmq-server, a message-broker software. CVE-2017-4965 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2710-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Abhijith PA July 19, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : rabbitmq-server Version : 3.6.6-1+deb9u1 CVE ID : CVE-2017-4965 CVE-2017-4966 CVE-2017-4967 CVE-2019-11281 CVE-2019-11287 CVE-2021-22116 Several vulnerabilities were discovered in rabbitmq-server, a message-broker software. CVE-2017-4965 Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. CVE-2017-4966 RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack CVE-2017-4967 Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. CVE-2019-11281 The virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information CVE-2019-11287 The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. CVE-2021-22116 A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance. For Debian 9 stretch, these problems have been fixed in version 3.6.6-1+deb9u1. We recommend that you upgrade your rabbitmq-server packages. For the detailed security status of rabbitmq-server please refer to its security trackerpage at: https://security-tracker.debian.org/tracker/source-package/rabbitmq-server Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Essential security patch for rabbitmq-server resolves various XSS vulnerabilities and remote exploitation risks. Users are advised to update promptly.. Debian, RabbitMQ Server, Security Update, XSS Attacks, Remote Exploits. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 19, 2021 Critical Debian LTS
198

Arch Linux: 202107-17 Low: Rabbitmq Cross-Site Scripting Advisory

The package rabbitmq before version 3.8.19-1 is vulnerable to cross- site scripting. . Arch Linux Security Advisory ASA-202107-17 ========================================= Severity: Low Date : 2021-07-06 CVE-ID : CVE-2021-32718 CVE-2021-32719 Package : rabbitmq Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2109 Summary ====== The package rabbitmq before version 3.8.19-1 is vulnerable to cross-site scripting. Resolution ========= Upgrade to 3.8.19-1. # pacman -Syu "rabbitmq> =3.8.19-1" The problems have been fixed upstream in version 3.8.19. Workaround ========= As a workaround, disable the rabbitmq_management plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring. Description ========== - CVE-2021-32718 (cross-site scripting) In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). - CVE-2021-32719 (cross-site scripting) In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management plugin, its consumer tag was rendered without proper tag sanitization, potentially allowing for JavaScript code execution in the context of the page. Impact ===== Crafted user banes and federation links could be used to inject arbitrary JavaScript code into the management webUI. References ========= https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 https://github.com/rabbitmq/rabbitmq-server/pull/3028 https://github.com/rabbitmq/rabbitmq-server/commit/a7373585faeac0aaede5a9c245094d8022e81299 https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x https://github.com/rabbitmq/rabbitmq-server/pull/3122 https://github.com/rabbitmq/rabbitmq-server/commit/08beb82e9ab8923ded88ece2800cd80971e2bd05 https://security.archlinux.org/CVE-2021-32718 https://security.archlinux.org/CVE-2021-32719 . Debian Security Advisory DSA-2021-23 highlights vulnerabilities in OpenSSH versions before 8.6p1-1.. Arch Linux,rabbitmq,cross-site scripting,security advisory,upgrade. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Jul 09, 2021 Low ArchLinux
172

Ubuntu 21.04: USN-5004-1 Critical: RabbitMQ Denial Of Service

Several security issues were fixed in rabbitmq-server.. =========================================================================Ubuntu Security Notice USN-5004-1 June 24, 2021 rabbitmq-server vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Several security issues were fixed in rabbitmq-server. Software Description: - rabbitmq-server: AMQP server written in Erlang Details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11287) Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-22116) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: rabbitmq-server 3.8.9-2ubuntu0.1 Ubuntu 20.10: rabbitmq-server 3.8.5-1ubuntu0.2 Ubuntu 20.04 LTS: rabbitmq-server 3.8.2-0ubuntu1.3 Ubuntu 18.04 LTS: rabbitmq-server 3.6.10-1ubuntu0.5 Ubuntu 16.04 ESM: rabbitmq-server 3.5.7-1ubuntu0.16.04.4+esm1 In general, a standard system update will make all the necessary changes. References: CVE-2019-11287, CVE-2021-22116 Package Information: https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.9-2ubuntu0.1 https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.5-1ubuntu0.2 https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.2-0ubuntu1.3 https://launchpad.net/ubuntu/+source/rabbitmq-server/3.6.10-1ubuntu0.5 . Stay informed on the RabbitMQ security flaws impacting various Ubuntu versions and discover prompt mitigation strategies.. RabbitMQ Security, Ubuntu Updates, DenialOf Service Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 24, 2021 Critical Ubuntu
198

Arch Linux: 202110-15 Critical: MySQL Server Security Flaw Advisory

The package rabbitmq before version 3.8.16-1 is vulnerable to denial of service. . Arch Linux Security Advisory ASA-202106-17 ========================================= Severity: Medium Date : 2021-06-01 CVE-ID : CVE-2021-22116 Package : rabbitmq Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1966 Summary ====== The package rabbitmq before version 3.8.16-1 is vulnerable to denial of service. Resolution ========= Upgrade to 3.8.16-1. # pacman -Syu "rabbitmq> =3.8.16-1" The problem has been fixed upstream in version 3.8.16. Workaround ========= None. Description ========== RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. An attacker can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. Impact ===== A remote attacker could crash the RabbitMQ server through crafted AMQP messages. References ========= https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24013 https://security.archlinux.org/CVE-2021-22116 . Immediate notice for Arch Linux RabbitMQ administrators: Ensure you upgrade to fix the denial of service vulnerability that surfaced in June 2021.. Arch Linux, RabbitMQ, Denial of Service, Security Advisory, Software Update. . Severity: Medium. LinuxSecurity.com Team

Calendar%202 Jun 03, 2021 Medium ArchLinux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200