Bug 20122 - rabbitmq-server new security issue CVE-2016-9877
Summary: rabbitmq-server new security issue CVE-2016-9877
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Nicolas Lécureuil
QA Contact: Sec team
URL: https://lwn.net/Vulnerabilities/711583/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-15 00:11 CET by David Walser
Modified: 2017-05-16 16:56 CEST
0 users

See Also:
Source RPM: rabbitmq-server-3.6.2-4.mga6.src.rpm
CVE:
Status comment:



Description David Walser 2017-01-15 00:11:56 CET
Debian has issued an advisory on January 13:
https://www.debian.org/security/2017/dsa-3761

The issue is fixed upstream in 3.6.6.
Comment 1 David Walser 2017-03-20 10:56:53 CET
Fedora has issued an advisory for this on March 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FUIFBLEJTOUQXJ2PKWMACABFWNZFPUT5/
Comment 2 Nicolas Lécureuil 2017-05-16 00:08:02 CEST
Fixed in cauldron

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 David Walser 2017-05-16 15:00:37 CEST
Upload rejected:
http://pkgsubmit.mageia.org/uploads/rejected/cauldron/core/release/20170515220756.neoclust.duvel.22962.youri

The package should be changed to use /run/rabbitmq and a tmpfiles snippet needs to be made to create it.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 4 David Walser 2017-05-16 16:56:36 CEST
Now fixed in rabbitmq-server-3.6.9-1.mga6 by Nicolas.

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED

