FEDORA-2018-a115b0b80e — security update for mosquitto

stable

mosquitto-1.5.3-1.fc27

FEDORA-2018-a115b0b80e created by pbrobinson 6 years ago for Fedora 27

Release 1.5.3

Security:

Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit.

Broker:

Elevate log level to warning for situation when socket limit is hit.
Remove requirement to use user root in snap package config files.
Fix retained messages not sent by bridges on outgoing topics at the first connection.
Documentation fixes.
Fix duplicate clients being added to by_id hash before the old client was removed.
Fix Windows version not starting if include_dir did not contain any files.

Build:

Various fixes to ease building.

Use WITH_BUNDLED_DEPS=no

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-a115b0b80e

This update has been submitted for testing by pbrobinson.

6 years ago

This update has obsoleted mosquitto-1.5.2-2.fc27, and has inherited its bugs and notes.

6 years ago

This update has been pushed to testing.

6 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for batched by pbrobinson.

6 years ago

This update has been submitted for stable by pbrobinson.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

6 years ago

in testing

6 years ago

in stable

6 years ago

Builds

mosquitto-1.5.3-1.fc27

Automated Test Results

ignored