Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 29: 2018-ff1fdf28aa Moderate: Mosquitto Message Broker Security Fix

fedora
Calendar Grey October 30, 2018
Dist Fedora Esm H88
Patch for Mosquitto vulnerability CVE-2018-12543 in Fedora enhances both stability and logging functionalities.
Release 1.5.3 Security: * Fix CVE-2018-12543

Summary

Mosquitto is an open source message broker that implements the MQ Telemetry

Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method

of carrying out messaging using a publish/subscribe model. This makes it

suitable for "machine to machine" messaging such as with low power sensors

or mobile devices such as phones, embedded computers or micro-controllers

like the Arduino.

Release 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to

Mosquitto with a topic that begins with $, but is not $SYS, then an assert that

should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate

log level to warning for situation when socket limit is hit. * Remove

requirement to use `user root` in snap package config files. * Fix retained

messages not sent by bridges on outgoing topics at the first connection. *

Documentation fixes. * Fix duplicate clients being added to by_id hash before

the old client was removed. * Fix Windows version not starting if include_dir

did not contain any files. Build: * Various fixes to ease building. ----Use WITH_BUNDLED_DEPS=no

* Sun Oct 14 2018 Peter Robinson 1.5.3-1

- 1.5.3 release

* Thu Sep 20 2018 Fabian Affolter - 1.5.2-2

- Use WITH_BUNDLED_DEPS=no

* Thu Sep 20 2018 Fabian Affolter - 1.5.2-1

- Update to new upstream version 1.5.2

su -c 'dnf upgrade --advisory FEDORA-2018-ff1fdf28aa' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory moderate Fedora security fix Mosquitto message broker

Change Log

References

Update Instructions

Product: Fedora 29
Version: 1.5.3
Release: 1.fc29
URL: https://mosquitto.org/
Summary: An Open Source MQTT v3.1/v3.1.1 Broker

Topics%20covered

Topics Covered

security advisory moderate Fedora security fix Mosquitto message broker

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here