FEDORA-2019-032b36306f

security update in Fedora 29 for mosquitto

Status: obsolete

Fixes for the following CVEs:

  • CVE-2018-12546
  • CVE-2018-12550
  • CVE-2018-12551

The list of other fixes addressed in version 1.5.6 is:

Broker:

  • Fixed comment handling for config options that have optional arguments.
  • Improved documentation around bridge topic remapping.
  • Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
  • Fix spaces not being allowed in the bridge remote_username option. Closes #1131.
  • Allow broker to always restart on Windows when using log_dest file. Closes #1080.
  • Fix Will not being sent for Websockets clients. Closes #1143.
  • Windows: Fix possible crash when client disconnects. Closes #1137.
  • Fixed durable clients being unable to receive messages when offline, when per_listener_settings was set to true. Closes #1081.
  • Add log message for the case where a client is disconnected for sending a topic with invalid UTF-8. Closes #1144.

Library:

  • Fix TLS connections not working over SOCKS.
  • Don't clear SSL context when TLS connection is closed, meaning if a user provided an external SSL_CTX they have less chance of leaking references.

Comments 4

This update has been submitted for testing by pbrobinson.

This update has been pushed to testing.

Looks good to me.

karma: +1

This update has been obsoleted by mosquitto-1.5.7-1.fc29.

Content Type: RPM
Status: obsolete
Update Type: security
Update Severity: medium
Karma: +1 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 5 months ago; in testing 5 months ago