Advisories » MGASA-2021-0349

Updated mosquitto packages fix security vulnerability

Publication date: 12 Jul 2021
Modification date: 12 Jul 2021
Type: security
Affected Mageia releases : 7 , 8

Description

Updated mosquitto packages fix security vulnerability:

If an authenticated client connected with MQTT v5 sent a crafted CONNECT
message to the broker a memory leak would occur.

For other fixes in this update, see the mosquitto.org blog reference.

References

SRPMS

8/core

mosquitto-2.0.11-1.mga8

7/core

mosquitto-1.6.15-1.mga7
uthash-2.1.0-1.mga7