Important: yggdrasil security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:11413", "synopsis": "Important: yggdrasil security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for yggdrasil.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child \"worker\" process, exchanging data with its worker processes through a D-Bus message broker.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}], "cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}], "references": [], "publishedAt": "2026-05-01T12:06:42.394267Z", "rpms": {"Rocky Linux 10": {"nvras": ["yggdrasil-debuginfo-0:0.4.8-4.el10_1.aarch64.rpm", "yggdrasil-debugsource-0:0.4.8-4.el10_1.aarch64.rpm", "yggdrasil-debugsource-0:0.4.8-4.el10_1.ppc64le.rpm", "yggdrasil-debugsource-0:0.4.8-4.el10_1.s390x.rpm", "yggdrasil-0:0.4.8-4.el10_1.aarch64.rpm", "yggdrasil-devel-0:0.4.8-4.el10_1.aarch64.rpm", "yggdrasil-debugsource-0:0.4.8-4.el10_1.x86_64.rpm", "yggdrasil-0:0.4.8-4.el10_1.src.rpm", "yggdrasil-devel-0:0.4.8-4.el10_1.x86_64.rpm", 
"yggdrasil-0:0.4.8-4.el10_1.x86_64.rpm", "yggdrasil-devel-0:0.4.8-4.el10_1.ppc64le.rpm", "yggdrasil-debuginfo-0:0.4.8-4.el10_1.x86_64.rpm", "yggdrasil-debuginfo-0:0.4.8-4.el10_1.s390x.rpm", "yggdrasil-0:0.4.8-4.el10_1.ppc64le.rpm", "yggdrasil-0:0.4.8-4.el10_1.s390x.rpm", "yggdrasil-debuginfo-0:0.4.8-4.el10_1.ppc64le.rpm", "yggdrasil-devel-0:0.4.8-4.el10_1.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}
Yggdrasil security update addresses important security issue in Rocky Linux 10, ensuring system integrity and safe data exchange. Severity: Important. LinuxSecurity.com Team
Qt 6.10.3 bugfix update.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-70776c2dc3
2026-04-25 01:21:36.172096+00:00
--------------------------------------------------------------------------------

Name        : qt6-qtmqtt
Product     : Fedora 44
Version     : 6.10.3
Release     : 1.fc44
URL         : http://www.qt.io
Summary     : Qt6 - Mqtt module
Description :
MQTT is a machine-to-machine (M2M) protocol utilizing the publish-and-subscribe paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry displays and devices to publish telemetry data.

--------------------------------------------------------------------------------
Update Information:

Qt 6.10.3 bugfix update.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 31 2026 Jan Grulich - 6.10.3-1
- 6.10.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-70776c2dc3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Update to 0.2.8.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-34b0986502
2025-12-20 01:18:41.356206+00:00
--------------------------------------------------------------------------------

Name        : mqttcli
Product     : Fedora 42
Version     : 0.2.8
Release     : 1.fc42
URL         : https://github.com/subpop/mqttcli
Summary     : A simple MQTT command-line client
Description :
mqttcli provides two programs (pub and sub) that allow command-line access to an MQTT broker. sub subscribes to a topic and prints messages received to standard output. pub publishes the provided message to the provided topic. Both programs accept flags that can be provided as a config file.

--------------------------------------------------------------------------------
Update Information:

Update to 0.2.8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2025 Link Dupont - 0.2.8-1
- Update to 0.2.8
* Wed Dec 17 2025 Link Dupont - 0.2.7-1
- Update to 0.2.7
* Fri Oct 10 2025 Alejandro Sez - 0.2.5-9
- rebuild
* Fri Aug 15 2025 Maxwell G - 0.2.5-8
- Rebuild for golang-1.25.0
* Thu Jul 24 2025 Fedora Release Engineering - 0.2.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2408071 - CVE-2025-58189 mqttcli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408071
  [ 2 ] Bug #2409541 - CVE-2025-61723 mqttcli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409541
  [ 3 ] Bug #2410492 - CVE-2025-58185 mqttcli: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410492
  [ 4 ] Bug #2411390 - CVE-2025-58188 mqttcli: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411390
  [ 5 ] Bug #2423005 - CVE-2025-10543 mqttcli: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2423005
  [ 6 ] Bug #2423014 - CVE-2025-10543 mqttcli: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2423014
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-34b0986502' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Update to mqttcli 0.2.8 addresses critical issues in the Fedora 42 distribution. Upgrade recommended for all users. Severity: Important. LinuxSecurity.com Team
Update to 1.6.14 https://mosquitto.org/blog/2021/03/version-2-0-9-released/.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-da3784629e
2021-04-13 14:29:40.848858
--------------------------------------------------------------------------------

Name        : mosquitto
Product     : Fedora 33
Version     : 1.6.14
Release     : 1.fc33
URL         : https://mosquitto.org/
Summary     : Open Source MQTT v3.1/v3.1.1 Broker
Description :
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino.

--------------------------------------------------------------------------------
Update Information:

Update to 1.6.14 https://mosquitto.org/blog/2021/03/version-2-0-9-released/
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 5 2021 Peter Robinson - 1.6.14-1
- Update to 1.6.14
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-da3784629e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
1.6.7 Fix potential crash when reloading config. Client library: * Don't use / in autogenerated client ids, to avoid confusing with topics. * Fix mosquitto_max_inflight_messages_set() and mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...) behaviour. * Fix regression on use of.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-8b83c261dd
2019-10-04 21:23:34.757643
--------------------------------------------------------------------------------

Name        : mosquitto
Product     : Fedora 30
Version     : 1.6.7
Release     : 1.fc30
URL         : https://mosquitto.org/
Summary     : An Open Source MQTT v3.1/v3.1.1 Broker
Description :
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino.

--------------------------------------------------------------------------------
Update Information:

1.6.7
=====

Broker:
* Add workaround for working with libwebsockets 3.2.0.
* Fix potential crash when reloading config.

Client library:
* Don't use / in autogenerated client ids, to avoid confusing with topics.
* Fix mosquitto_max_inflight_messages_set() and mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...) behaviour.
* Fix regression on use of mosquitto_connect_async() not working.

Clients:
* mosquitto_sub: Fix -E incorrectly not working unless -d was also specified.
* Updated documentation around automatic client ids.

1.6.6
=====

Security:
* CVE-2019-11779
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.

Broker:
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
* mosquitto_passwd now returns 1 when attempting to update a user that does not exist.

1.6.5
=====

Broker:
* Fix v5 DISCONNECT packets with remaining length == 2 being treated as a protocol error.
* Fix support for libwebsockets 3.x.
* Fix slow websockets performance when sending large messages.
* Fix bridges potentially not connecting on Windows.
* Fix clients authorised using `use_identity_as_username` or `use_subject_as_username` being disconnected on SIGHUP.
* Improve error messages in some situations when clients disconnect. Reduces the number of "Socket error on client X, disconnecting" messages.
* Fix Will for v5 clients not being sent if will delay interval was greater than the session expiry interval.
* Fix CRL file not being reloaded on HUP.
* Fix repeated "Error in poll" messages on Windows when only websockets listeners are defined.

Client library:
* Fix reconnect backoff for the situation where connections are dropped rather than refused.
* Fix missing locks on `mosq->state`.

Documentation:
* Improve details on global/per listener options in the mosquitto.conf man page.
* Clarify behaviour when clients exceed the `message_size_limit`.
* Improve documentation for `max_inflight_bytes`, `max_inflight_messages`, and `max_queued_messages`.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 25 2019 Peter Robinson 1.6.7-1
- 1.6.7 release
* Tue Sep 24 2019 Fabian Affolter - 1.6.6-1
- Update to new upstream version 1.6.6
* Sat Sep 14 2019 Peter Robinson 1.6.5-1
- 1.6.5 release
* Mon Sep 2 2019 Peter Robinson 1.6.4-2
- Rebuild for libwebsockets 3.2
* Fri Aug 2 2019 Peter Robinson 1.6.4-1
- 1.6.4 release
* Thu Jul 25 2019 Fedora Release Engineering - 1.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jun 18 2019 Fabian Affolter - 1.6.3-1
- Update to new upstream version 1.6.3
* Tue Apr 30 2019 Peter Robinson 1.6.2-1
- 1.6.2 release
* Sat Apr 27 2019 Peter Robinson 1.6.1-1
- 1.6.1 release
* Thu Apr 18 2019 Peter Robinson 1.6.0-1
- Major new 1.6.0 release
- Support for MQTT 5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1753846 - CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow
        https://bugzilla.redhat.com/show_bug.cgi?id=1753846
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-8b83c261dd' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed. For the stable distribution (jessie), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3865-1