[Group.of.nepali.translators] [Bug 1706900] Re: CVE-2016-9877 RabbitMQ authentication vulnerability

Thu, 27 Jul 2017 11:46:36 -0700 

** Also affects: rabbitmq-server (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: rabbitmq-server (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: rabbitmq-server (Ubuntu)
       Status: Triaged => Fix Released

** Changed in: rabbitmq-server (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: rabbitmq-server (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: rabbitmq-server (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: rabbitmq-server (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: rabbitmq-server (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: rabbitmq-server (Ubuntu Xenial)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1706900

Title:
  CVE-2016-9877 RabbitMQ authentication vulnerability

Status in RabbitMQ:
  Fix Released
Status in rabbitmq-server package in Ubuntu:
  Fix Released
Status in rabbitmq-server source package in Trusty:
  Confirmed
Status in rabbitmq-server source package in Xenial:
  Confirmed

Bug description:
  https://pivotal.io/security/cve-2016-9877

    "MQTT (MQ Telemetry Transport) connection authentication with a
  username/password pair succeeds if an existing username is provided
  but the password is omitted from the connection request. Connections
  that use TLS with a client-provided certificate are not affected."

  Affects RabbitMQ "3.x versions prior to 3.5.8"

  Ubuntu's Xenial repos are currently offering 3.5.7-1ubuntu0.16.04.1,
  and according to its changelog, Pivotal's fix for CVE-2016-9877 has
  not been included.

To manage notifications about this bug go to:
https://bugs.launchpad.net/rabbitmq/+bug/1706900/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

Reply via email to