UbuntuUpdates.org

Package "libmosquittopp-dev"

Name: libmosquittopp-dev

Description:

MQTT version 3.1 client C++ library, development files

Latest version: 2.0.11-1ubuntu1.1
Release: jammy (22.04)
Level: security
Repository: universe
Head package: mosquitto
Homepage: https://mosquitto.org/

Links


Download "libmosquittopp-dev"


Other versions of "libmosquittopp-dev" in Jammy

Repository Area Version
base universe 2.0.11-1ubuntu1
updates universe 2.0.11-1ubuntu1.1

Changelog

Version: 2.0.11-1ubuntu1.1 2023-11-21 14:06:59 UTC

  mosquitto (2.0.11-1ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Authorization bypass
    - debian/patches/CVE-2021-34434.patch: Fix $share subscriptions not
      being recovered for durable clients
    - CVE-2021-34434
  * SECURITY UPDATE: Denial of Service
   - debian/patches/CVE-2021-41039.patch: Fix CONNECT performance
    - debian/patches/CVE-2023-0809.patch: Fix excessive memory usage.
    - debian/patches/CVE-2023-3592.patch: Fix memory leak when clients
      send v5 CONNECT packets.
    - debian/patches/CVE-2023-28366-1.patch: Fix memory leak in broker
    - debian/patches/CVE-2023-28366-2.patch: Fix regression
    - CVE-2021-41039
    - CVE-2023-0809
    - CVE-2023-3592
    - CVE-2023-28366

 -- Giampaolo Fresi Roglia <email address hidden> Sun, 19 Nov 2023 19:09:47 +0100

CVE-2021-34434 In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is
CVE-2021-41039 In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CP
CVE-2023-0809 In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
CVE-2023-28366 The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages



About   -   Send Feedback to @ubuntu_updates