
Bug 797217 (CVE-2021-22116)

Summary: <net-misc/rabbitmq-server-3.8.19: denial of service via crafted AMQP messages (CVE-2021-22116)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: minor
CC: ultrabug
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://tanzu.vmware.com/security/cve-2021-22116
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 799416
Bug Blocks:

Description John Helmert III gentoo-dev Security 2021-06-20 22:40:40 UTC
CVE-2021-22116:

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.


Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-07-18 17:56:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc357e6ce980ecef8c70a10cbb550654da494821

commit cc357e6ce980ecef8c70a10cbb550654da494821
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-07-18 17:53:49 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-07-18 17:56:39 +0000

    net-misc/rabbitmq-server: bump to version 3.8.19
    
    Bug: https://bugs.gentoo.org/797217
    Bug: https://bugs.gentoo.org/799416
    Bug: https://bugs.gentoo.org/701252
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-misc/rabbitmq-server/Manifest                  |  1 +
 .../rabbitmq-server/rabbitmq-server-3.8.19.ebuild  | 79 ++++++++++++++++++++++
 2 files changed, 80 insertions(+)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:10:11 UTC
Package list is empty or all packages have requested keywords.
Comment 9 Larry the Git Cow gentoo-dev 2021-10-17 20:39:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e63630841fe7f2e7c049a42f6f22d88d8f7126e

commit 6e63630841fe7f2e7c049a42f6f22d88d8f7126e
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-10-17 16:37:11 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-10-17 20:36:31 +0000

    net-misc/rabbitmq-server: drop 3.8.14
    
    Bug: https://bugs.gentoo.org/799416
    Bug: https://bugs.gentoo.org/797217
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-misc/rabbitmq-server/Manifest                  |  1 -
 .../rabbitmq-server/rabbitmq-server-3.8.14.ebuild  | 78 ----------------------
 2 files changed, 79 deletions(-)