Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 623
Alerts This Week
Warning Icon 1 623

Debian 8: DLA-1525-1 Critical: Mosquitto Denial Of Service

debian lts
Calendar Grey September 28, 2018
Dist Debian Esm H88
The recent security patch for Mosquitto resolves several concerns, notably including denial of service flaws. Ensure you update to version 1.3.4-2+deb8u3.
CVE-2017-7653 As invalid UTF-8 strings are not correctly checked, an attacker could

Summary

As invalid UTF-8 strings are not correctly checked, an attacker could
cause a denial of service to other clients by disconnecting
them from the broker with special crafted topics.


CVE-2017-7654

Due to a memory leak unauthenticated clients can send special crafted
CONNECT packets which could cause a denial of service in the broker.


CVE-2017-9868

Due to wrong file permissions local users could obtain topic
information from the mosquitto database.


For Debian 8 "Jessie", these problems have been fixed in version
1.3.4-2+deb8u3.

We recommend that you upgrade your mosquitto packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
critical
Lowest
Low
Medium
High
Critical

Package: mosquitto
Version: 1.3.4-2+deb8u3
CVE ID: CVE-2017-7653 CVE-2017-7654 CVE-2017-9868

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.