FEDORA-EPEL-2019-cf8b89de02 created by pbrobinson 9 months ago for Fedora EPEL 7
obsolete

Fixes for the following CVES:

  • CVE-2018-12546
  • CVE-2018-12550
  • CVE-2018-12551

The list of other fixes addressed in version 1.5.6 is: Broker:

  • Fixed comment handling for config options that have optional arguments.
  • Improved documentation around bridge topic remapping.
  • Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
  • Fix spaces not being allowed in the bridge remote_username option. Closes #1131.
  • Allow broker to always restart on Windows when using log_dest file. Closes #1080.
  • Fix Will not being sent for Websockets clients. Closes #1143.
  • Windows: Fix possible crash when client disconnects. Closes #1137.
  • Fixed durable clients being unable to receive messages when offline, when per_listener_settings was set to true. Closes #1081.
  • Add log message for the case where a client is disconnected for sending a topic with invalid UTF-8. Closes #1144.

Library:

  • Fix TLS connections not working over SOCKS.
  • Don't clear SSL context when TLS connection is closed, meaning if a user provided an external SSL_CTX they have less chance of leaking references.
This update has been submitted for testing by pbrobinson. 9 months ago
This update has been pushed to testing. 9 months ago
This update has been obsoleted by [mosquitto-1.5.7-1.el7](https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b089414a9d). 9 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
9 months ago
in testing
9 months ago

Automated Test Results