librabbitmq-0.8.0-3.el7

エラータID: AXSA:2020-608:01

Release date: 
Wednesday, October 7, 2020 - 05:01
Subject: 
librabbitmq-0.8.0-3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The librabbitmq packages provide an Advanced Message Queuing Protocol (AMQP) client library that allows you to communicate with AMQP servers using protocol version 0-9-1.

Security Fix(es):

* librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow (CVE-2019-18609)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.

Solution: 

Update packages.

CVEs: 
CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
Additional Info: 

N/A

Download: 

SRPMS
  1. librabbitmq-0.8.0-3.el7.src.rpm
    MD5: 7dcae8b88f997c09f236a45350406e10
    SHA-256: 42297a3abb2a85841899ad0e82b715333a4e8ed65b758b227d6f825d03c4b215
    Size: 462.45 kB

Asianux Server 7 for x86_64
  1. librabbitmq-0.8.0-3.el7.x86_64.rpm
    MD5: 502e7162f5996636a3f0c4b70b8f6187
    SHA-256: f11482cf6e759e30516c6470f51ee7d59c48812dd05905fd94af87329658bfa1
    Size: 36.00 kB
  2. librabbitmq-devel-0.8.0-3.el7.x86_64.rpm
    MD5: 83bd5ddfd47e88f7870f1c2014522439
    SHA-256: 341f1ca052dfb01f461a01b54c0c85f55d5fb18c6affa66e4bbb384644132789
    Size: 35.21 kB
  3. librabbitmq-examples-0.8.0-3.el7.x86_64.rpm
    MD5: c156fe2b40d68545176c5d97878f9312
    SHA-256: 493b15021a45f2cf7cd580b378f3a2968f2284d7642aad63b788f7686a5898ce
    Size: 33.01 kB
  4. librabbitmq-0.8.0-3.el7.i686.rpm
    MD5: ecebb272249e986ef964caaa81194179
    SHA-256: bc649396b8e0744c94808cbf4a652b7a3111bc5ed4e3b36f1defdfb7595ebe1a
    Size: 37.63 kB
  5. librabbitmq-devel-0.8.0-3.el7.i686.rpm
    MD5: fa28fc0ec3bb21d4012b65d34d818f69
    SHA-256: efd7c9abb326eb6fd0bac58347edf25fe8b2daec821d1dc44afce6999fc2d25b
    Size: 35.26 kB