Mirantis OpenStack

Provide updated RabbitMQ package

Bug #1800778 reported by Adam Heczko
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Invalid
Medium
Denis Meltsaykin
Mirantis OpenStack 9.x-updates

Bug Description

Detailed bug description:
It was observed that RMQ server 3.6.1 package shipping with MOS is outdated / vulnerable.
Please provide updated RabbitMQ package.
https://www.cvedetails.com/vulnerability-list/vendor_id-15183/product_id-30922/version_id-206090/Pivotal-Software-Rabbitmq-3.6.1.html

Expected results:
MOS ships with RMQ 3.6.12 or more recent e.g. 3.6.15.
https://www.rabbitmq.com/changelog.html

Revision history for this message
Denis Meltsaykin (dmeltsaykin) wrote :

In 9.2 we ship 3.6.11, all CVEs are valid only for versions prior to 3.6.9: https://www.cvedetails.com/vulnerability-list/vendor_id-15183/product_id-30922/Pivotal-Software-Rabbitmq.html

This request makes no sense, there are no security fixes between 3.6.11 and 3.6.15. Please clarify why you need 3.6.15.

Changed in mos:
assignee: Denis Meltsaykin (dmeltsaykin) → Adam Heczko (aheczko-mirantis)
status: New → Incomplete
Revision history for this message
Adam Heczko (aheczko-mirantis) wrote :

ACK. 3.6.11 contains all available security fixes.
Closing as invalid.

Changed in mos:
status: Incomplete → Invalid
assignee: Adam Heczko (aheczko-mirantis) → Denis Meltsaykin (dmeltsaykin)
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.