This bug was fixed in the package rabbitmq-server - 3.2.4-1ubuntu0.1 --------------- rabbitmq-server (3.2.4-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: authentication bypass (LP: #1706900) - debian/patches/CVE-2016-9877.patch: fix password check in plugins-src/rabbitmq-mqtt/src/rabbit_mqtt_processor.erl, add test to plugins-src/rabbitmq-mqtt/test/src/com/rabbitmq/mqtt/test/MqttTest.java, fix URL in plugins-src/rabbitmq-mqtt/test/Makefile. - CVE-2016-9877 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 27 Jul 2017 14:48:35 -0400 ** Changed in: rabbitmq-server (Ubuntu Trusty) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1706900 Title: CVE-2016-9877 RabbitMQ authentication vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/rabbitmq/+bug/1706900/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs