==========================================================================
Ubuntu Security Notice USN-7399-1
March 31, 2025

rabbitmq-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

RabbitMQ Server's management UI could be made to run code via
cross-site scripting (XSS).

Software Description:
- rabbitmq-server: AMQP server written in Erlang

Details:

It was discovered that RabbitMQ Server's management UI did not sanitize
certain input. An attacker could possibly use this issue to inject code
by performing a cross-site scripting (XSS) attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  rabbitmq-server                 3.12.1-1ubuntu2.1

Ubuntu 24.04 LTS
  rabbitmq-server                 3.12.1-1ubuntu1.2

Ubuntu 22.04 LTS
  rabbitmq-server                 3.9.27-0ubuntu0.2

Ubuntu 20.04 LTS
  rabbitmq-server                 3.8.3-0ubuntu0.3

After a standard system update you need to restart RabbitMQ Server to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7399-1
  CVE-2025-30219

Package Information:
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu2.1
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.9.27-0ubuntu0.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.3-0ubuntu0.3