Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 30: FEDORA-2019-cc896df591 Critical: Mosquitto Client Disconnection

fedora
Calendar Grey May 10, 2019
Dist Fedora Esm H88
The latest mosquitto update in Fedora 30 addresses several critical bugs, such as client connectivity problems and unsafe memory interactions that could result in system failures.
1.6.2 when v5 client with Will message disconnects, where the Will message has as its first property one of `content-type`, `correlation-data`, `payload-format- indicator`, or `res...

Summary

Mosquitto is an open source message broker that implements the MQ Telemetry

Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method

of carrying out messaging using a publish/subscribe model. This makes it

suitable for "machine to machine" messaging such as with low power sensors

or mobile devices such as phones, embedded computers or micro-controllers

like the Arduino.

1.6.2 ===== Broker: * Fix memory access after free, leading to possible crash,

when v5 client with Will message disconnects, where the Will message has as its

first property one of `content-type`, `correlation-data`, `payload-format-indicator`, or `response-topic`. * Fix build for WITH_TLS=no. * Fix Will message

not allowing user-property properties. * Fix broker originated messages (e.g.

$SYS/broker/version) not being published when `check_retain_source` set to true.

Closes #1245. * Fix $SYS/broker/version being incorrectly expired after 60

seconds. Closes #1245. Library: * Fix crash after client has been unable to

connect to a broker. This occurs when the client is exiting and is part of the

final library cleanup routine. Closes #1246. Clients: * Fix -L url parsing.

Closes #1248. ---- 1.6.1 release

* Tue Apr 30 2019 Peter Robinson 1.6.2-1

- 1.6.2 release

* Sat Apr 27 2019 Peter Robinson 1.6.1-1

- 1.6.1 release

* Thu Apr 18 2019 Peter Robinson 1.6.0-1

- Major new 1.6.0 release

- Support for MQTT 5

su -c 'dnf upgrade --advisory FEDORA-2019-cc896df591' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory critical Fedora client crash mosquitto MQTT messaging issue

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 1.6.2
Release: 1.fc30
URL: https://mosquitto.org/
Summary: An Open Source MQTT v3.1/v3.1.1 Broker

Topics%20covered

Topics Covered

security advisory critical Fedora client crash mosquitto MQTT messaging issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here