Ubuntu has issued an advisory today (June 24): https://ubuntu.com/security/notices/USN-5004-1 The issue is fixed upstream in 2.8.16. Mageia 7 and Mageia 8 are also affected.
Blocks: (none) => 25970CC: (none) => mageiaWhiteboard: (none) => MGA8TOO, MGA7TOOSeverity: normal => majorStatus comment: (none) => Fixed upstream in 3.8.16
Removing Mageia 7 from whiteboard due to EOL: https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Whiteboard: MGA8TOO, MGA7TOO => MGA8TOO
Fedora has issued an advisory today (July 6): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3GCM7AYCAYK5PUWXDCR7CMTQSERKK4KK/ It fixes two CVEs: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x Details of upstream releases: https://www.rabbitmq.com/news.html https://www.rabbitmq.com/changelog.html https://github.com/rabbitmq/rabbitmq-server/releases
Status comment: Fixed upstream in 3.8.16 => Fixed upstream in 3.8.18Summary: rabbitmq-server new security issue CVE-2021-22116 => rabbitmq-server new security issue CVE-2021-22116 and CVE-2021-3271[89]
updated in cauldron.
Whiteboard: MGA8TOO => (none)Version: Cauldron => 8
fixed in mga8 src: - rabbitmq-server-3.8.18-1.mga8
Status comment: Fixed upstream in 3.8.18 => (none)Assignee: java => qa-bugs
MGA8-64 Plasma on Lenovo B50 No installation issues. Ref bug 11054 for tests. # systemctl -l status rabbitmq-server ● rabbitmq-server.service - RabbitMQ broker Loaded: loaded (/usr/lib/systemd/system/rabbitmq-server.service; disabled; vendor preset: disabled) Active: inactive (dead) # systemctl -l start rabbitmq-server # systemctl -l status rabbitmq-server ● rabbitmq-server.service - RabbitMQ broker Loaded: loaded (/usr/lib/systemd/system/rabbitmq-server.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2021-08-03 15:50:25 CEST; 4s ago Main PID: 9700 (beam.smp) Status: "Initialized" Tasks: 27 (limit: 9402) Memory: 92.1M CPU: 7.685s CGroup: /system.slice/rabbitmq-server.service ├─9700 /usr/lib64/erlang/erts-11.1.5/bin/beam.smp -W w -MBas ageffcbf -MHas ageffcbf -MBlmbcs 512 -MHlmbcs 512 -MMmcs 30 -P 1048576 -t 5000000 -stbt db -zdbbl 128000 -sbwt none> ├─9709 erl_child_setup 1024 ├─9763 inet_gethost 4 └─9764 inet_gethost 4 aug 03 15:50:19 mach5.hviaene.thuis rabbitmq-server[9700]: TLS Library: OpenSSL - OpenSSL 1.1.1k 25 Mar 2021 aug 03 15:50:19 mach5.hviaene.thuis rabbitmq-server[9700]: Doc guides: https://rabbitmq.com/documentation.html aug 03 15:50:19 mach5.hviaene.thuis rabbitmq-server[9700]: Support: https://rabbitmq.com/contact.html aug 03 15:50:19 mach5.hviaene.thuis rabbitmq-server[9700]: Tutorials: https://rabbitmq.com/getstarted.html aug 03 15:50:19 mach5.hviaene.thuis rabbitmq-server[9700]: Monitoring: https://rabbitmq.com/monitoring.html aug 03 15:50:19 mach5.hviaene.thuis rabbitmq-server[9700]: Logs: /var/log/rabbitmq/rabbit@mach5.log aug 03 15:50:19 mach5.hviaene.thuis rabbitmq-server[9700]: /var/log/rabbitmq/rabbit@mach5_upgrade.log aug 03 15:50:19 mach5.hviaene.thuis rabbitmq-server[9700]: Config file(s): /etc/rabbitmq/rabbitmq.conf aug 03 15:50:25 mach5.hviaene.thuis rabbitmq-server[9700]: Starting broker... completed with 0 plugins. aug 03 15:50:25 mach5.hviaene.thuis systemd[1]: Started RabbitMQ broker. # rabbitmq-plugins enable rabbitmq_management Enabling plugins on node rabbit@mach5: rabbitmq_management The following plugins have been configured: rabbitmq_management rabbitmq_management_agent rabbitmq_web_dispatch Applying plugin configuration to rabbit@mach5... The following plugins have been enabled: rabbitmq_management rabbitmq_management_agent rabbitmq_web_dispatch started 3 plugins. Looks OKto me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0390.html
Status: NEW => RESOLVEDResolution: (none) => FIXED