Updated mosquitto packages fix security vulnerability
Publication date: 29 Sep 2021Modification date: 29 Sep 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-34434
Description
Mosquitto is updated to 2.0.12 to fix security vulnerability: In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked (CVE-2021-34434).
References
SRPMS
8/core
- mosquitto-2.0.12-1.mga8