Package "mosquitto"
Name: mosquitto
Description: MQTT version 5.0/3.1.1/3.1 compatible message broker
Latest version: 2.0.11-1ubuntu1.1
Release: jammy (22.04)
Level: updates
Repository: universe
Homepage: https://mosquitto.org/
Changelog
mosquitto (2.0.11-1ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Authorization bypass
    - debian/patches/CVE-2021-34434.patch: Fix $share subscriptions not
      being recovered for durable clients
    - CVE-2021-34434
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-41039.patch: Fix CONNECT performance
    - debian/patches/CVE-2023-0809.patch: Fix excessive memory usage.
    - debian/patches/CVE-2023-3592.patch: Fix memory leak when clients
      send v5 CONNECT packets.
    - debian/patches/CVE-2023-28366-1.patch: Fix memory leak in broker
    - debian/patches/CVE-2023-28366-2.patch: Fix regression
    - CVE-2021-41039
    - CVE-2023-0809
    - CVE-2023-3592
    - CVE-2023-28366

 -- Giampaolo Fresi Roglia <email address hidden>  Sun, 19 Nov 2023 19:09:47 +0100
CVE-2021-34434
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is
CVE-2021-41039
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CP
CVE-2023-0809
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages