ELA-1362-1 librabbitmq security update

integer overflow and credential visibility

2025-03-30
Package: librabbitmq
Version: 0.8.0-1+deb9u1 (stretch), 0.9.0-0.2+deb10u1 (buster)
Related CVEs: CVE-2019-18609, CVE-2023-35789


Several issues have been found in librabbitmq, an AMQP client library and tools written in C. The issues are related to heap memory corruption due to an integer overflow, and to credential visibility when using the tools on the command line.



For Debian 10 buster, these problems have been fixed in version 0.9.0-0.2+deb10u1.

For Debian 9 stretch, these problems have been fixed in version 0.8.0-1+deb9u1.

We recommend that you upgrade your librabbitmq packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.