ArchLinux: 202106-17: rabbitmq: denial of service
Summary
All RabbitMQ versions prior to 3.8.16 are prone to a denial of service
vulnerability due to improper input validation in the AMQP 1.0 client
connection endpoint.
An attacker can exploit the vulnerability by sending malicious AMQP
messages to a target RabbitMQ instance that has the AMQP 1.0 plugin
enabled.
Resolution
Upgrade to 3.8.16-1.
# pacman -Syu "rabbitmq>=3.8.16-1"
The problem has been fixed upstream in version 3.8.16.
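A quick exposure check for an Arch host, added here as an example and not part of the original advisory: it compares the installed package version against the fixed 3.8.16-1 and reports whether the AMQP 1.0 plugin is enabled. The plugin name `rabbitmq_amqp1_0` and the `rabbitmq-plugins list -e -m` call do not appear in the advisory, and `version_lt` and `assess` are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not from the advisory. Fixed version is the one it names.
FIXED_VERSION="3.8.16-1"

# version_lt A B: succeed if A is older than B.
# Simplification: numeric fields separated by '.' or '-' only (no epoch,
# no alpha suffixes). pacman's vercmp is the authoritative comparison.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%[.-]*}; y=${b%%[.-]*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
    done
    return 1   # equal versions are not "older"
}

# assess VERSION PLUGINS: print a verdict for an installed package version
# and a newline-separated list of enabled plugin names.
assess() {
    version=$1; plugins=$2
    if ! version_lt "$version" "$FIXED_VERSION"; then
        echo "patched"
    elif printf '%s\n' "$plugins" | grep -qx 'rabbitmq_amqp1_0'; then
        # Unpatched and the AMQP 1.0 endpoint is enabled: the case the
        # advisory describes.
        echo "vulnerable-exposed"
    else
        # Unpatched, but the affected plugin is not enabled right now.
        echo "vulnerable-plugin-disabled"
    fi
}

# Live check, run only where both tools exist (an Arch host with RabbitMQ).
if command -v pacman >/dev/null 2>&1 &&
   command -v rabbitmq-plugins >/dev/null 2>&1; then
    installed=$(pacman -Q rabbitmq 2>/dev/null | awk '{print $2}')
    enabled=$(rabbitmq-plugins list -e -m 2>/dev/null)
    if [ -n "$installed" ]; then
        echo "rabbitmq $installed: $(assess "$installed" "$enabled")"
    fi
fi
```

A `vulnerable-plugin-disabled` result still calls for the upgrade, since the plugin can be enabled later on an unpatched package.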
References
https://tanzu.vmware.com/security/cve-2021-22116
https://security.archlinux.org/CVE-2021-22116
Workaround
None.