librabbitmq-0.9.0-2.el8
エラータID: AXSA:2021-1184:01
The librabbitmq packages provide an Advanced Message Queuing Protocol (AMQP) client library that allows you to communicate with AMQP servers using protocol version 0-9-1.
Security Fix(es):
* librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow (CVE-2019-18609)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
Update packages.
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
N/A
SRPMS
- librabbitmq-0.9.0-2.el8.src.rpm
MD5: acad3f1ee01e258d06c305932811621e
SHA-256: fe712f4e6cf9f76c697365c9f7359e4cf0bcbdf8716fc9c7770bb394698f58ef
Size: 154.15 kB
Asianux Server 8 for x86_64
- librabbitmq-0.9.0-2.el8.x86_64.rpm
MD5: dc9249877cfb39ad33c4c6b446c29211
SHA-256: 67401f64952d551cce1b8670d1add7fa7ca55128edf8021bafc525e4c2da261f
Size: 45.61 kB - librabbitmq-0.9.0-2.el8.i686.rpm
MD5: 531d119ff743b36805637b3dd3823ff8
SHA-256: 7043f53cfa1ac94440c1f04a070dad58488bf0327f152dc23e91b1a496e85134
Size: 50.19 kB