ELA-1018-1 rabbitmq-server security update

denial of service

2023-12-11
Package: rabbitmq-server
Version: 3.6.6+really3.8.9-0+deb9u2 (stretch)
Related CVEs: CVE-2023-46118


RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages by an authenticated user with sufficient credentials.



For Debian 9 stretch, this problem has been fixed in version 3.6.6+really3.8.9-0+deb9u2.

We recommend that you upgrade your rabbitmq-server packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.