Bug 797217 (CVE-2021-22116) - <net-misc/rabbitmq-server-3.8.19: denial of service via crafted AMQP messages (CVE-2021-22116)
Status: RESOLVED FIXED
Alias: CVE-2021-22116
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://tanzu.vmware.com/security/cve...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: CVE-2021-32718, CVE-2021-32719
Blocks:
Reported: 2021-06-20 22:40 UTC by John Helmert III
Modified: 2022-06-14 14:47 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-20 22:40:40 UTC
CVE-2021-22116:

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.


Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-07-18 17:56:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc357e6ce980ecef8c70a10cbb550654da494821

commit cc357e6ce980ecef8c70a10cbb550654da494821
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-07-18 17:53:49 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-07-18 17:56:39 +0000

    net-misc/rabbitmq-server: bump to version 3.8.19
    
    Bug: https://bugs.gentoo.org/797217
    Bug: https://bugs.gentoo.org/799416
    Bug: https://bugs.gentoo.org/701252
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-misc/rabbitmq-server/Manifest                  |  1 +
 .../rabbitmq-server/rabbitmq-server-3.8.19.ebuild  | 79 ++++++++++++++++++++++
 2 files changed, 80 insertions(+)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:10:11 UTC
Package list is empty or all packages have requested keywords.
Comment 9 Larry the Git Cow gentoo-dev 2021-10-17 20:39:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e63630841fe7f2e7c049a42f6f22d88d8f7126e

commit 6e63630841fe7f2e7c049a42f6f22d88d8f7126e
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-10-17 16:37:11 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-10-17 20:36:31 +0000

    net-misc/rabbitmq-server: drop 3.8.14
    
    Bug: https://bugs.gentoo.org/799416
    Bug: https://bugs.gentoo.org/797217
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-misc/rabbitmq-server/Manifest                  |  1 -
 .../rabbitmq-server/rabbitmq-server-3.8.14.ebuild  | 78 ----------------------
 2 files changed, 79 deletions(-)
Comment 10 Gabriel Linder 2022-06-14 10:04:03 UTC
See https://github.com/gentoo/gentoo/pull/25893 which bumps rabbitmq.
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-14 14:47:01 UTC
GLSA vote: no. All done!