You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa mosquitto

Sigurnosni nedostaci programskog paketa mosquitto

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4023-1
June 20, 2019

mosquitto vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Mosquitto.

Software Description:
– mosquitto: MQTT version 3.1/3.1.1 compatible message broker

Details:

It was discovered that Mosquitto broker incorrectly handled certain specially
crafted input and network packets. A remote attacker could use this to cause a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
libmosquitto1 1.4.15-2ubuntu0.18.10.3
libmosquittopp1 1.4.15-2ubuntu0.18.10.3
mosquitto 1.4.15-2ubuntu0.18.10.3
mosquitto-clients 1.4.15-2ubuntu0.18.10.3

Ubuntu 18.04 LTS:
libmosquitto1 1.4.15-2ubuntu0.18.04.3
libmosquittopp1 1.4.15-2ubuntu0.18.04.3
mosquitto 1.4.15-2ubuntu0.18.04.3
mosquitto-clients 1.4.15-2ubuntu0.18.04.3

Ubuntu 16.04 LTS:
libmosquitto1 1.4.8-1ubuntu0.16.04.7
libmosquittopp1 1.4.8-1ubuntu0.16.04.7
mosquitto 1.4.8-1ubuntu0.16.04.7
mosquitto-clients 1.4.8-1ubuntu0.16.04.7

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4023-1
CVE-2017-7653, CVE-2017-7654

Package Information:
https://launchpad.net/ubuntu/+source/mosquitto/1.4.15-2ubuntu0.18.10.3
https://launchpad.net/ubuntu/+source/mosquitto/1.4.15-2ubuntu0.18.04.3
https://launchpad.net/ubuntu/+source/mosquitto/1.4.8-1ubuntu0.16.04.7
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAl0Lva0ACgkQkGeI6zGn
N//BHA//Yv9AxJUn6Ljqdpwig8PWjD9SWLe6QpgwXEukZXz/PQ1LJ5c0b2AzJlVR
jSlVMnJ+/g4/yQAYaFd1daKqzqzMFrUfPtxa1htg38y8bZRmP8y6tpqQmRZAPkxM
sp35j7lv0W76pAJovV384azbpmO81ynurV1zKCXK4hqgr7uVMPZlstXs/ZrfEe1n
3XByXo+4FesfUnTN4kunw5JdYo+0BuGVpJjoeiMq8w54uD9SHLupmbSDOmrt5mGq
/UBSk2ilRQZa9ucS2ONhEywx5wL0Bg2BQJAnpjBYkArAllCWEtDQbLx9+MG09Q9r
s6XRXX8lMwSb1bZz3M5/sG2zd2L+PAtwPvBB4+sq2t1mtzHLYmrv5l/UKW9yoxyX
449dtO/H5u1gBV8HxLXh55hJpRSauJ1kDJ1nwlO9HSNgkCA+HjB/E5emnjZL1k7+
JhWvYsWy0GW6msrATMfCgcIN4rMkmVuzRMnb8lmUs1w5Dn4swrLXp2+tOChTHIGX
HhtexVfhqs8QWdyrqdYTQ3psscvVOLYrPUKxNKsbdjcRteBRxrbgglX0BPP1jpTz
4jiweHMJoLP7sNfJGmZXlxJpJILwTwODQS69yhY7JqY3o4wWOXUZ1oU6b8Hgmyvx
lxiPhnCpQ79D0ip6BF67gpzGxPA/2VQNk0lvxQQkcT9dhl+ai38=
=vJqw
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2019-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa python

Otkriven je sigurnosni nedostatak u programskom paketu python za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close