Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1231656 * bsc#1234763 * bsc#1240071 Cross-References: . # Security update for rabbitmq-server313 Announcement ID: SUSE-SU-2025:01548-1 Release Date: 2025-06-11T12:47:31Z Rating: moderate References: * bsc#1231656 * bsc#1234763 * bsc#1240071 Cross-References: * CVE-2025-30219 CVSS scores: * CVE-2025-30219 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-30219 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L * CVE-2025-30219 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L Affected Products: * Server Applications Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for rabbitmq-server313 fixes the following issues: * CVE-2025-30219: incorrectly escaped virtual hostname present in error message could lead to XSS attack. (bsc#1240071) Non-security fixes: * Require rabbitmq-server313-plugins rather then rabbitmq-server-plugins. (bsc#1231656, bsc#1234763) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-1548=1 ## Package List: * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * rabbitmq-server313-3.13.1-150600.13.8.1 * rabbitmq-server313-plugins-3.13.1-150600.13.8.1 * erlang-rabbitmq-client313-3.13.1-150600.13.8.1 * Server Applications Module 15-SP7 (noarch) * rabbitmq-server313-bash-completion-3.13.1-150600.13.8.1 * rabbitmq-server313-zsh-completion-3.13.1-150600.13.8.1 ## References: * https://www.suse.com/security/cve/CVE-2025-30219.html *https://bugzilla.suse.com/show_bug.cgi?id=1231656 * https://bugzilla.suse.com/show_bug.cgi?id=1234763 * https://bugzilla.suse.com/show_bug.cgi?id=1240071 . The latest patch for rabbitmq-server313 mitigates an XSS vulnerability in SUSE Linux, categorized as moderate severity.. distributed server updates,rabbitmq security,SUSE patches,XSS vulnerabilities,server application fixes. . LinuxSecurity.com Team
It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5571-1
RabbitMQ could be made to expose sensitive information.. ========================================================================== Ubuntu Security Notice USN-6265-1 July 31, 2023 rabbitmq-server vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: RabbitMQ could be made to expose sensitive information. Software Description: - rabbitmq-server: AMQP server written in Erlang Details: It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials. An attacker could possibly use this issue to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS (Available with Ubuntu Pro): rabbitmq-server 3.5.7-1ubuntu0.16.04.4+esm2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6265-1 CVE-2017-4966 . Ubuntu USN-6270-1 addresses a critical vulnerability in the PostgreSQL database server that could lead to unauthorized data access.. RabbitMQ Information Exposure, Ubuntu Security Notice, Software Vulnerability. . Severity: Important. LinuxSecurity.com Team
An update that solves three vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3325-1 Rating: moderate References: #1185075 #1186203 #1187818 #1187819 Cross-References: CVE-2021-22116 CVE-2021-32718 CVE-2021-32719 CVSS scores: CVE-2021-22116 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22116 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32718 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N CVE-2021-32719 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for rabbitmq-server fixes the following issues: - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI (bsc#1187818). - CVE-2021-32719: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in federation management plugin (bsc#1187819). - CVE-2021-22116: Fixed improper input validation may lead to DoS (bsc#1186203). - Use /run instead of /var/run in tmpfiles.d configuration (bsc#1185075). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3325=1 Package List: - SUSE LinuxEnterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): erlang-rabbitmq-client-3.8.11-3.3.3 rabbitmq-server-3.8.11-3.3.3 rabbitmq-server-plugins-3.8.11-3.3.3 References: https://www.suse.com/security/cve/CVE-2021-22116.html https://www.suse.com/security/cve/CVE-2021-32718.html https://www.suse.com/security/cve/CVE-2021-32719.html https://bugzilla.suse.com/1185075 https://bugzilla.suse.com/1186203 https://bugzilla.suse.com/1187818 https://bugzilla.suse.com/1187819 . A recent SUSE patch addresses various vulnerabilities found in rabbitmq-server, categorizing them as moderate risk. Implement the updates promptly.. SUSE Security Update,rabbitmq-server,server application fixes,security advisory. . LinuxSecurity.com Team
Several vulnerabilities were discovered in rabbitmq-server, a message-broker software. CVE-2017-4965 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2710-1
The package rabbitmq before version 3.8.19-1 is vulnerable to cross- site scripting. . Arch Linux Security Advisory ASA-202107-17 ========================================= Severity: Low Date : 2021-07-06 CVE-ID : CVE-2021-32718 CVE-2021-32719 Package : rabbitmq Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2109 Summary ====== The package rabbitmq before version 3.8.19-1 is vulnerable to cross-site scripting. Resolution ========= Upgrade to 3.8.19-1. # pacman -Syu "rabbitmq> =3.8.19-1" The problems have been fixed upstream in version 3.8.19. Workaround ========= As a workaround, disable the rabbitmq_management plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring. Description ========== - CVE-2021-32718 (cross-site scripting) In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). - CVE-2021-32719 (cross-site scripting) In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management plugin, its consumer tag was rendered without proper tag sanitization, potentially allowing for JavaScript code execution in the context of the page. Impact ===== Crafted user banes and federation links could be used to inject arbitrary JavaScript code into the management webUI. References ========= https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 https://github.com/rabbitmq/rabbitmq-server/pull/3028 https://github.com/rabbitmq/rabbitmq-server/commit/a7373585faeac0aaede5a9c245094d8022e81299 https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x https://github.com/rabbitmq/rabbitmq-server/pull/3122 https://github.com/rabbitmq/rabbitmq-server/commit/08beb82e9ab8923ded88ece2800cd80971e2bd05 https://security.archlinux.org/CVE-2021-32718 https://security.archlinux.org/CVE-2021-32719 . Debian Security Advisory DSA-2021-23 highlights vulnerabilities in OpenSSH versions before 8.6p1-1.. Arch Linux,rabbitmq,cross-site scripting,security advisory,upgrade. . Severity: Low. LinuxSecurity.com Team
Several security issues were fixed in rabbitmq-server.. =========================================================================Ubuntu Security Notice USN-5004-1 June 24, 2021 rabbitmq-server vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Several security issues were fixed in rabbitmq-server. Software Description: - rabbitmq-server: AMQP server written in Erlang Details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2019-11287) Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-22116) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: rabbitmq-server 3.8.9-2ubuntu0.1 Ubuntu 20.10: rabbitmq-server 3.8.5-1ubuntu0.2 Ubuntu 20.04 LTS: rabbitmq-server 3.8.2-0ubuntu1.3 Ubuntu 18.04 LTS: rabbitmq-server 3.6.10-1ubuntu0.5 Ubuntu 16.04 ESM: rabbitmq-server 3.5.7-1ubuntu0.16.04.4+esm1 In general, a standard system update will make all the necessary changes. References: CVE-2019-11287, CVE-2021-22116 Package Information: https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.9-2ubuntu0.1 https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.5-1ubuntu0.2 https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.2-0ubuntu1.3 https://launchpad.net/ubuntu/+source/rabbitmq-server/3.6.10-1ubuntu0.5 . Stay informed on the RabbitMQ security flaws impacting various Ubuntu versions and discover prompt mitigation strategies.. RabbitMQ Security, Ubuntu Updates, DenialOf Service Fixes. . Severity: Critical. LinuxSecurity.com Team
The package rabbitmq before version 3.8.16-1 is vulnerable to denial of service. . Arch Linux Security Advisory ASA-202106-17 ========================================= Severity: Medium Date : 2021-06-01 CVE-ID : CVE-2021-22116 Package : rabbitmq Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1966 Summary ====== The package rabbitmq before version 3.8.16-1 is vulnerable to denial of service. Resolution ========= Upgrade to 3.8.16-1. # pacman -Syu "rabbitmq> =3.8.16-1" The problem has been fixed upstream in version 3.8.16. Workaround ========= None. Description ========== RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. An attacker can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. Impact ===== A remote attacker could crash the RabbitMQ server through crafted AMQP messages. References ========= https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24013 https://security.archlinux.org/CVE-2021-22116 . Immediate notice for Arch Linux RabbitMQ administrators: Ensure you upgrade to fix the denial of service vulnerability that surfaced in June 2021.. Arch Linux, RabbitMQ, Denial of Service, Security Advisory, Software Update. . Severity: Medium. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.