| Package | librabbitmq |
|---|---|
| Version | 0.8.0-1+deb9u1 (stretch), 0.9.0-0.2+deb10u1 (buster) |
| Related CVEs | CVE-2019-18609 CVE-2023-35789 |
Several issues have been found in librabbitmq, a AMQP client library and tools written in C. The issue are related to heap memory corruption due to integer overflow and credential visibility when using the tools on the command line.
For Debian 10 buster, these problems have been fixed in version 0.9.0-0.2+deb10u1.
For Debian 9 stretch, these problems have been fixed in version 0.8.0-1+deb9u1.
We recommend that you upgrade your librabbitmq packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.