--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-8cbe2a05cd
2019-02-18 01:25:49.106983
--------------------------------------------------------------------------------

Name        : mosquitto
Product     : Fedora 28
Version     : 1.5.6
Release     : 1.fc28
URL         : https://mosquitto.org/
Summary     : An Open Source MQTT v3.1/v3.1.1 Broker
Description :
Mosquitto is an open source message broker that implements the MQ Telemetry
Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method
of carrying out messaging using a publish/subscribe model. This makes it
suitable for "machine to machine" messaging such as with low power sensors
or mobile devices such as phones, embedded computers or micro-controllers
like the Arduino.

--------------------------------------------------------------------------------
Update Information:

Fixes for the following CVEs:

* CVE-2018-12546
* CVE-2018-12550
* CVE-2018-12551

The list of other fixes addressed in version 1.5.6 is:

Broker:

* Fixed comment handling for config options that have optional arguments.
* Improved documentation around bridge topic remapping.
* Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
* Fix spaces not being allowed in the bridge remote_username option.
  Closes #1131.
* Allow broker to always restart on Windows when using log_dest file.
  Closes #1080.
* Fix Will not being sent for Websockets clients. Closes #1143.
* Windows: Fix possible crash when client disconnects. Closes #1137.
* Fixed durable clients being unable to receive messages when offline, when
  per_listener_settings was set to true. Closes #1081.
* Add log message for the case where a client is disconnected for sending a
  topic with invalid UTF-8. Closes #1144.

Library:

* Fix TLS connections not working over SOCKS.
* Don't clear SSL context when TLS connection is closed, meaning if a user
  provided an external SSL_CTX they have less chance of leaking references.

--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 9 2019 Peter Robinson 1.5.6-1
- 1.5.6 release
* Fri Feb 1 2019 Fedora Release Engineering - 1.5.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 7 2019 Peter Robinson 1.5.5-2
- Rebuild for libwebsockets 3.x
* Tue Dec 18 2018 Fabian Affolter - 1.5.5-1
- Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414)
* Fri Nov 9 2018 Fabian Affolter - 1.5.4-2
- Update to new upstream version 1.5.4
* Sun Oct 14 2018 Peter Robinson 1.5.3-1
- 1.5.3 release
* Thu Sep 20 2018 Fabian Affolter - 1.5.2-2
- Use WITH_BUNDLED_DEPS=no
* Thu Sep 20 2018 Fabian Affolter - 1.5.2-1
- Update to new upstream version 1.5.2
* Mon Aug 20 2018 Peter Robinson 1.5.1-1
- 1.5.1 release
* Fri Jul 20 2018 John W. Linville - 1.5-5
- Add previously unnecessary BuildRequires for gcc-c++
* Fri Jul 13 2018 Fedora Release Engineering - 1.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat May 26 2018 Rich Mattes - 1.5-3
- Add network-online.target and documentation to unitfile
* Sat May 26 2018 Rich Mattes - 1.5-2
- Use upstream systemd service and enable systemd notification support
  (rhbz#1410654)
* Sun May 20 2018 Fabian Affolter - 1.5-2
- Update to new upstream version 1.5 (rhbz#1580115)
* Sat May 5 2018 Fabian Affolter - 1.4.15-2
- Update systemd unit file (rhbz#1564733)

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-8cbe2a05cd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------