UbuntuUpdates.org

Package "mosquitto-clients"

Name: mosquitto-clients

Description:

Mosquitto command line MQTT clients

Latest version: 2.0.11-1ubuntu1.1
Release: jammy (22.04)
Level: security
Repository: universe
Head package: mosquitto
Homepage: https://mosquitto.org/


Other versions of "mosquitto-clients" in Jammy

Repository Area Version
base universe 2.0.11-1ubuntu1
updates universe 2.0.11-1ubuntu1.1

Changelog

Version: 2.0.11-1ubuntu1.1 2023-11-21 14:06:59 UTC

  mosquitto (2.0.11-1ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Authorization bypass
    - debian/patches/CVE-2021-34434.patch: Fix $share subscriptions not
      being recovered for durable clients
    - CVE-2021-34434
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-41039.patch: Fix CONNECT performance
    - debian/patches/CVE-2023-0809.patch: Fix excessive memory usage.
    - debian/patches/CVE-2023-3592.patch: Fix memory leak when clients
      send v5 CONNECT packets.
    - debian/patches/CVE-2023-28366-1.patch: Fix memory leak in broker
    - debian/patches/CVE-2023-28366-2.patch: Fix regression
    - CVE-2021-41039
    - CVE-2023-0809
    - CVE-2023-3592
    - CVE-2023-28366

 -- Giampaolo Fresi Roglia <email address hidden> Sun, 19 Nov 2023 19:09:47 +0100

CVE-2021-34434 In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is
CVE-2021-41039 In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CP
CVE-2023-0809 In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
CVE-2023-28366 The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages


