Overview

File _patchinfo of Package patchinfo.38486

<patchinfo incident="38486">
  <issue tracker="bnc" id="1231656">[sle15sp6][rabbitmq-server313]rabbitmq-server.service fails to start with error "Runtime terminating during boot ({error,{rabbitmq_prelaunch,{"no such file or directory","rabbitmq_prelaunch.app"}}})"</issue>
  <issue tracker="bnc" id="1240071">VUL-0: CVE-2025-30219: rabbitmq-server: Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable</issue>
  <issue tracker="bnc" id="1234763">rabbitmq-server313 pulls in rabbitmq-server-plugins instead of rabbitmq-server313-plugins</issue>
  <issue tracker="cve" id="2025-30219"/>
  <packager>simotek</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for rabbitmq-server313</summary>
  <description>This update for rabbitmq-server313 fixes the following issues:

- CVE-2025-30219: incorrectly escaped virtual hostname present in error message could lead to XSS attack. (bsc#1240071)

Non-security fixes:

- Require rabbitmq-server313-plugins rather then rabbitmq-server-plugins. (bsc#1231656, bsc#1234763)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places