Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 35: High Risk Apache HTTP Server Denial of Service Vulnerability

fedora
Calendar Grey June 18, 2021
Dist Fedora Esm H88
CentOS Notification Alert regarding RabbitMQ fixes a security vulnerability stemming from malformed packets affecting the server.
2.0.11 Security If an authenticated client connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur

Summary

Mosquitto is an open source message broker that implements the MQ Telemetry

Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method

of carrying out messaging using a publish/subscribe model. This makes it

suitable for "machine to machine" messaging such as with low power sensors

or mobile devices such as phones, embedded computers or micro-controllers

like the Arduino.

2.0.11 Security If an authenticated client connected with MQTT v5 sent a

crafted CONNECT message to the broker a memory leak would occur. Affects

versions 1.6 to 2.0.10 inclusive. Broker Fix possible crash having just

upgraded from 1.6 if per_listener_settings true is set, and a SIGHUP is sent to

the broker before a client has reconnected to the broker. Fix bridge not

reconnectng if the first reconnection attempt fails. Improve QoS 0 outgoing

packet queueing. Fix non-reachable bridge blocking the broker on Windows.

Fix possible corruption of pollfd array on Windows when bridges were

reconnecting. Fix QoS 0 messages not being queued when queue_qos0_messages

was enabled. Clients If sending mosquitto_sub output to a pipe,

mosquitto_sub will now detect that the pipe has closed and disconnect. Fix

mosquitto_pub -l quitting if a message publication is attempted when the broker

is temporarily unavailable.

* Thu Jun 10 2021 Peter Robinson - 2.0.11-1

- Update to 2.0.11

su -c 'dnf upgrade --advisory FEDORA-2021-1382b4c7f5' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory update Fedora memory leak mosquitto broker

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 2.0.11
Release: 1.fc34
URL: https://mosquitto.org/
Summary: Open Source MQTT v5/v3.1.x Broker

Topics%20covered

Topics Covered

security advisory update Fedora memory leak mosquitto broker

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here