{"id":17904,"date":"2017-08-01T03:36:16","date_gmt":"2017-07-31T18:36:16","guid":{"rendered":"https:\/\/jirak.net\/wp\/usn-3374-1-rabbitmq-vulnerability\/"},"modified":"2017-08-01T03:36:17","modified_gmt":"2017-07-31T18:36:17","slug":"usn-3374-1-rabbitmq-vulnerability","status":"publish","type":"post","link":"https:\/\/jirak.net\/wp\/usn-3374-1-rabbitmq-vulnerability\/","title":{"rendered":"USN-3374-1: RabbitMQ vulnerability"},"content":{"rendered":"<p>USN-3374-1: RabbitMQ vulnerability<\/p>\n<h2>Ubuntu Security Notice USN-3374-1<\/h2>\n<p><em>31st July, 2017<\/em><\/p>\n<h3>rabbitmq-server vulnerability<\/h3>\n<p>A security issue affects these releases of Ubuntu and its<br \/>\n    derivatives:<\/p>\n<ul>\n<li>Ubuntu 16.04 LTS<\/li>\n<li>Ubuntu 14.04 LTS<\/li>\n<\/ul>\n<h3>Summary<\/h3>\n<p>RabbitMQ could allow unintended access to network services.\n<\/p>\n<h3>Software description<\/h3>\n<ul>\n<li>rabbitmq-server<br \/>\n    &#8211; AMQP server written in Erlang<\/p>\n<\/li>\n<\/ul>\n<h3>Details<\/h3>\n<p>It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry<br \/>Transport) authentication. 
A remote attacker could use this issue to<br \/>authenticate successfully with an existing username by omitting the<br \/>password.<\/p>\n<h3>Update instructions<\/h3>\n<p> The problem can be corrected by updating your system to the following<br \/>\npackage version:<\/p>\n<dl>\n<dt>Ubuntu 16.04 LTS:<\/dt>\n<dd>\n    <a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/rabbitmq-server\">rabbitmq-server<\/a><br \/>\n    <span><br \/>\n        <a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/rabbitmq-server\/3.5.7-1ubuntu0.16.04.2\">3.5.7-1ubuntu0.16.04.2<\/a><br \/>\n    <\/span>\n  <\/dd>\n<dt>Ubuntu 14.04 LTS:<\/dt>\n<dd>\n    <a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/rabbitmq-server\">rabbitmq-server<\/a><br \/>\n    <span><br \/>\n        <a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/rabbitmq-server\/3.2.4-1ubuntu0.1\">3.2.4-1ubuntu0.1<\/a><br \/>\n    <\/span>\n  <\/dd>\n<\/dl>\n<p>To update your system, please follow these instructions:<br \/>\n<a href=\"https:\/\/wiki.ubuntu.com\/Security\/Upgrades\">https:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.\n<\/p>\n<p>In general, a standard system update will make all the necessary changes.<\/p>\n<h3>References<\/h3>\n<p>        <a href=\"http:\/\/people.ubuntu.com\/~ubuntu-security\/cve\/CVE-2016-9877\">CVE-2016-9877<\/a><\/p>\n<p>Source: <a href=\"http:\/\/www.ubuntu.com\/usn\/usn-3374-1\/\" target=\"_blank\">USN-3374-1: RabbitMQ vulnerability<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>USN-3374-1: RabbitMQ vulnerability Ubuntu Security Notice USN-3374-1 31st July, 2017 rabbitmq-server vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary RabbitMQ could allow unintended access to network services. Software description rabbitmq-server &#8211; AMQP server written in Erlang Details It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry Transport) authentication. 
A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: rabbitmq-server 3.5.7-1ubuntu0.16.04.2 Ubuntu 14.04 LTS: rabbitmq-server 3.2.4-1ubuntu0.1 To update your system, please follow these instructions: https:\/\/wiki.ubuntu.com\/Security\/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-9877 Source: USN-3374-1: RabbitMQ vulnerability<\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-17904","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/17904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=17904"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/17904\/revisions"}],"predecessor-version":[{"id":17905,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/17904\/revisions\/17905"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=17904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=17904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=17904"}],"curies":[{"name":"wp","href":"https:\/\/api.w
.org\/{rel}","templated":true}]}}