Several security issues were fixed in Mosquitto.
Software Description:
- mosquitto: MQTT version 3.1/3.1.1 compatible message broker
Details:
Kathrin Kleinhammer discovered that Mosquitto incorrectly handled certain
inputs. If a user or an automated system were provided with a specially crafted
input, a remote attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-34431)
Zhanxiang Song discovered that Mosquitto incorrectly handled certain inputs. If
a user or an automated system were provided with a specially crafted input, a
remote attacker could possibly use this issue to cause an authorisation bypass.
This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2021-34434)
Zhanxiang Song, Bin Yuan, DeQing Zou, and Hai Jin discovered that Mosquitto
incorrectly handled certain inputs. If a user or an automated system were
provided with a specially crafted input, a remote attacker could ...
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: mosquitto 2.0.11-1.2ubuntu0.1 Ubuntu 22.04 LTS: mosquitto 2.0.11-1ubuntu1.1 Ubuntu 20.04 LTS (Available with Ubuntu Pro): mosquitto 1.6.9-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6492-1
CVE-2021-34431, CVE-2021-34434, CVE-2021-41039, CVE-2023-0809,
CVE-2023-28366, CVE-2023-3592
Get the latest Linux and open source security news straight to your inbox.