Security: Multiple issues in mosquitto
Name: Multiple issues in mosquitto
ID: FEDORA-2019-9dfd196cfa
Distribution: Fedora
Platforms: Fedora 29
Date: Fri, 15 March 2019, 19:55
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12550
Applications: Mosquitto


Fedora Update Notification
2019-03-15 18:28:14.962818

Name : mosquitto
Product : Fedora 29
Version : 1.5.8
Release : 1.fc29
URL : http://mosquitto.org/
Summary : An Open Source MQTT v3.1/v3.1.1 Broker
Description :
Mosquitto is an open source message broker that implements the MQ Telemetry
Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method
of carrying out messaging using a publish/subscribe model. This makes it
suitable for "machine to machine" messaging such as with low power
or mobile devices such as phones, embedded computers or micro-controllers
like the Arduino.

Update Information:

1.5.8
=====

Broker:
* Fix clients being disconnected when ACLs are in use. This only affects the
  case where a client connects using a username, and the anonymous ACL list
  is defined but specific user ACLs are not defined. Closes #1162.
* Make error messages for missing config file clearer.
* Fix some Coverity Scan reported errors that could occur when the broker was
  already failing to start.
* Fix broken mosquitto_passwd on FreeBSD. Closes #1032.
* Fix delayed bridge local subscriptions causing missing messages.
  Closes #1174.

Library:
* Use higher resolution timer for random initialisation of client id
  generation. Closes #1177.
* Fix some Coverity Scan reported errors that could occur when the library
  was already quitting.

----

Update to new upstream version 1.5.7

----

Fixes for the following CVEs:
* CVE-2018-12546
* CVE-2018-12550
* CVE-2018-12551

The list of other fixes addressed in version 1.5.6 is:

Broker:
* Fixed comment handling for config options that have optional arguments.
* Improved documentation around bridge topic remapping.
* Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
* spaces not being allowed in the bridge remote_username option.
  Closes #1131.
* Allow broker to always restart on Windows when using log_dest file.
  Closes #1080.
* Fix Will not being sent for Websockets clients. Closes #1143.
* Windows: Fix possible crash when client disconnects. Closes #1137.
* Fixed durable clients being unable to receive messages when offline, when
  per_listener_settings was set to true. Closes #1081.
* Add log message for the case where a client is disconnected for sending a
  topic with invalid UTF-8. Closes #1144.

Library:
* Fix TLS connections not working over SOCKS.
* clear SSL context when TLS connection is closed, meaning if a user provided
  an external SSL_CTX they have less chance of leaking references.

* Wed Mar 6 2019 Peter Robinson <pbrobinson@fedoraproject.org> 1.5.8-1
- New upstream version 1.5.8
* Sat Feb 16 2019 Fabian Affolter <mail@fabian-affolter.ch> - 1.5.7-1
- Update to new upstream version 1.5.7
* Sat Feb 9 2019 Peter Robinson <pbrobinson@fedoraproject.org> 1.5.6-1
- 1.5.6 release
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> -
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 7 2019 Peter Robinson <pbrobinson@fedoraproject.org> 1.5.5-2
- Rebuild for libwebsockets 3.x
* Tue Dec 18 2018 Fabian Affolter <mail@fabian-affolter.ch> - 1.5.5-1
- Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414)
* Fri Nov 9 2018 Fabian Affolter <mail@fabian-affolter.ch> - 1.5.4-2
- Update to new upstream version 1.5.4
* Sun Oct 14 2018 Peter Robinson <pbrobinson@fedoraproject.org> 1.5.3-1
- 1.5.3 release
* Thu Sep 20 2018 Fabian Affolter <mail@fabian-affolter.ch> - 1.5.2-2
* Thu Sep 20 2018 Fabian Affolter <mail@fabian-affolter.ch> - 1.5.2-1
- Update to new upstream version 1.5.2

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-9dfd196cfa' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at