SUSE-FU-2024:2078-1: important: Feature update for rabbitmq-server313, erlang26, elixir115
SLE-UPDATES
null at suse.de
Wed Jun 19 08:30:28 UTC 2024
# Feature update for rabbitmq-server313, erlang26, elixir115
Announcement ID: SUSE-FU-2024:2078-1
Rating: important
References:
* bsc#1181400
* bsc#1185075
* bsc#1186203
* bsc#1187818
* bsc#1187819
* bsc#1199431
* bsc#1205267
* bsc#1216582
* bsc#1219532
* bsc#1222591
* jsc#PED-8414
Cross-References:
* CVE-2021-22116
* CVE-2021-32718
* CVE-2021-32719
* CVE-2022-31008
* CVE-2023-46118
CVSS scores:
* CVE-2021-22116 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-22116 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-32718 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
* CVE-2021-32718 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
* CVE-2021-32719 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
* CVE-2021-32719 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
* CVE-2022-31008 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-31008 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-46118 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46118 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves five vulnerabilities, contains one feature and has five
fixes can now be installed.
## Description:
This update for rabbitmq-server313, erlang26, elixir115 fixes the following
issues:
rabbitmq-server was implemented with a parallel versioned RPM package at version
3.13.1 (jsc#PED-8414):
* Security issues fixed:
* CVE-2021-22116: Fixed improper input validation that may lead to Denial of
Sercice (DoS) attacks (bsc#1186203)
* CVE-2021-32718, CVE-2021-32719: Fixed potential for JavaScript code
execution in the management UI (bsc#1187818, bsc#1187819)
* CVE-2022-31008: Fixed encryption key used to encrypt the URI was seeded with
a predictable secret (bsc#1205267)
* CVE-2023-46118: Fixed HTTP API vulnerability for denial of service (DoS)
attacks with very large messages (bsc#1216582)
* Other bugs fixed:
* Fixed RabbitMQ maintenance status issue (bsc#1199431)
* Provide user/group for RPM 4.19 (bsc#1219532)
* Fixed `rabbitmqctl` command for `add_user` (bsc#1222591)
* Added hardening to systemd service(s) (bsc#1181400)
* Use /run instead of deprecated /var/run in tmpfiles.conf (bsc#1185075)
* For the full list of upstream changes of this update between version 3.8.11
and 3.13.1 please consult:
* https://www.rabbitmq.com/release-information
erlang26:
* Provide RPM package as it's a dependency of rabbitmq-server313
(jsc#PED-8414)
elixir115:
* Provide RPM package as needed in some cases by rabbitmq-server313
(jsc#PED-8414)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-2078=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2078=1 openSUSE-SLE-15.6-2024-2078=1
* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-2078=1
## Package List:
* openSUSE Leap 15.3 (noarch)
* elixir115-doc-1.15.7-150300.7.5.1
* elixir115-1.15.7-150300.7.5.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* erlang26-debugger-26.2.1-150300.7.5.1
* erlang26-dialyzer-debuginfo-26.2.1-150300.7.5.1
* erlang26-diameter-26.2.1-150300.7.5.1
* erlang26-epmd-26.2.1-150300.7.5.1
* erlang26-jinterface-src-26.2.1-150300.7.5.1
* erlang26-reltool-src-26.2.1-150300.7.5.1
* erlang26-et-src-26.2.1-150300.7.5.1
* erlang26-debuginfo-26.2.1-150300.7.5.1
* erlang26-reltool-26.2.1-150300.7.5.1
* erlang26-et-26.2.1-150300.7.5.1
* erlang26-jinterface-26.2.1-150300.7.5.1
* erlang26-epmd-debuginfo-26.2.1-150300.7.5.1
* erlang26-observer-26.2.1-150300.7.5.1
* erlang26-diameter-src-26.2.1-150300.7.5.1
* erlang26-src-26.2.1-150300.7.5.1
* erlang26-debugger-src-26.2.1-150300.7.5.1
* erlang26-debugsource-26.2.1-150300.7.5.1
* erlang26-observer-src-26.2.1-150300.7.5.1
* erlang26-wx-src-26.2.1-150300.7.5.1
* erlang26-dialyzer-src-26.2.1-150300.7.5.1
* erlang26-doc-26.2.1-150300.7.5.1
* erlang26-wx-26.2.1-150300.7.5.1
* erlang26-26.2.1-150300.7.5.1
* erlang26-dialyzer-26.2.1-150300.7.5.1
* erlang26-wx-debuginfo-26.2.1-150300.7.5.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* rabbitmq-server313-plugins-3.13.1-150600.13.5.3
* erlang-rabbitmq-client313-3.13.1-150600.13.5.3
* rabbitmq-server313-3.13.1-150600.13.5.3
* openSUSE Leap 15.6 (noarch)
* elixir115-doc-1.15.7-150300.7.5.1
* rabbitmq-server313-bash-completion-3.13.1-150600.13.5.3
* rabbitmq-server313-zsh-completion-3.13.1-150600.13.5.3
* elixir115-1.15.7-150300.7.5.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* erlang26-debugger-26.2.1-150300.7.5.1
* erlang26-dialyzer-debuginfo-26.2.1-150300.7.5.1
* erlang26-diameter-26.2.1-150300.7.5.1
* erlang26-epmd-26.2.1-150300.7.5.1
* erlang26-jinterface-src-26.2.1-150300.7.5.1
* erlang26-reltool-src-26.2.1-150300.7.5.1
* erlang26-et-src-26.2.1-150300.7.5.1
* erlang26-debuginfo-26.2.1-150300.7.5.1
* erlang26-reltool-26.2.1-150300.7.5.1
* erlang26-et-26.2.1-150300.7.5.1
* erlang26-jinterface-26.2.1-150300.7.5.1
* erlang26-epmd-debuginfo-26.2.1-150300.7.5.1
* erlang26-observer-26.2.1-150300.7.5.1
* erlang26-diameter-src-26.2.1-150300.7.5.1
* erlang26-src-26.2.1-150300.7.5.1
* erlang26-debugger-src-26.2.1-150300.7.5.1
* erlang26-debugsource-26.2.1-150300.7.5.1
* erlang26-observer-src-26.2.1-150300.7.5.1
* erlang26-wx-src-26.2.1-150300.7.5.1
* erlang26-dialyzer-src-26.2.1-150300.7.5.1
* erlang26-doc-26.2.1-150300.7.5.1
* erlang26-wx-26.2.1-150300.7.5.1
* erlang26-26.2.1-150300.7.5.1
* erlang26-dialyzer-26.2.1-150300.7.5.1
* erlang26-wx-debuginfo-26.2.1-150300.7.5.1
* Server Applications Module 15-SP6 (noarch)
* elixir115-1.15.7-150300.7.5.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* rabbitmq-server313-plugins-3.13.1-150600.13.5.3
* rabbitmq-server313-3.13.1-150600.13.5.3
* erlang26-debugsource-26.2.1-150300.7.5.1
* erlang-rabbitmq-client313-3.13.1-150600.13.5.3
* erlang26-debuginfo-26.2.1-150300.7.5.1
* erlang26-epmd-26.2.1-150300.7.5.1
* erlang26-epmd-debuginfo-26.2.1-150300.7.5.1
* erlang26-26.2.1-150300.7.5.1
## References:
* https://www.suse.com/security/cve/CVE-2021-22116.html
* https://www.suse.com/security/cve/CVE-2021-32718.html
* https://www.suse.com/security/cve/CVE-2021-32719.html
* https://www.suse.com/security/cve/CVE-2022-31008.html
* https://www.suse.com/security/cve/CVE-2023-46118.html
* https://bugzilla.suse.com/show_bug.cgi?id=1181400
* https://bugzilla.suse.com/show_bug.cgi?id=1185075
* https://bugzilla.suse.com/show_bug.cgi?id=1186203
* https://bugzilla.suse.com/show_bug.cgi?id=1187818
* https://bugzilla.suse.com/show_bug.cgi?id=1187819
* https://bugzilla.suse.com/show_bug.cgi?id=1199431
* https://bugzilla.suse.com/show_bug.cgi?id=1205267
* https://bugzilla.suse.com/show_bug.cgi?id=1216582
* https://bugzilla.suse.com/show_bug.cgi?id=1219532
* https://bugzilla.suse.com/show_bug.cgi?id=1222591
* https://jira.suse.com/browse/PED-8414
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240619/7ee2170c/attachment.htm>
More information about the sle-updates
mailing list