Sicherheit: Denial of Service in mosquitto
Aktuelle Meldungen Distributionen
Name: Denial of Service in mosquitto
ID: FEDORA-2018-ff1fdf28aa
Distribution: Fedora
Plattformen: Fedora 29
Datum: Di, 30. Oktober 2018, 22:37
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12543
Applikationen: Mosquitto


Fedora Update Notification
2018-10-30 17:13:37.320007

Name : mosquitto
Product : Fedora 29
Version : 1.5.3
Release : 1.fc29
URL : http://mosquitto.org/
Summary : An Open Source MQTT v3.1/v3.1.1 Broker
Description :
Mosquitto is an open source message broker that implements the MQ Telemetry
Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method
of carrying out messaging using a publish/subscribe model. This makes it
suitable for "machine to machine" messaging such as with low power
or mobile devices such as phones, embedded computers or micro-controllers
like the Arduino.

Update Information:

Release 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to
Mosquitto with a topic that begins with $, but is not $SYS, then an assert that
should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate
log level to warning for situation when socket limit is hit. * Remove
requirement to use `user root` in snap package config files. * Fix retained
messages not sent by bridges on outgoing topics at the first connection. *
Documentation fixes. * Fix duplicate clients being added to by_id hash before
the old client was removed. * Fix Windows version not starting if include_dir
did not contain any files. Build: * Various fixes to ease building. ----

* Sun Oct 14 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.5.3-1
- 1.5.3 release
* Thu Sep 20 2018 Fabian Affolter <mail@fabian-affolter.ch> - 1.5.2-2
* Thu Sep 20 2018 Fabian Affolter <mail@fabian-affolter.ch> - 1.5.2-1
- Update to new upstream version 1.5.2

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-ff1fdf28aa' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Frohe Ostern
Neue Nachrichten