USN-4823-1: Mosquitto vulnerability
15 March 2021
Mosquitto could be made to crash if it received specially crafted input.
Releases
Packages
- mosquitto - MQTT version 3.1/3.1.1 compatible message broker
Details
It was discovered that Mosquitto incorrectly handled certain inputs. A
remote attacker could possibly use this issue to cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
libmosquitto1
-
1.4.15-2ubuntu0.18.04.3+esm1
Available with Ubuntu Pro
-
mosquitto
-
1.4.15-2ubuntu0.18.04.3+esm1
Available with Ubuntu Pro
-
libmosquittopp1
-
1.4.15-2ubuntu0.18.04.3+esm1
Available with Ubuntu Pro
-
mosquitto-clients
-
1.4.15-2ubuntu0.18.04.3+esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
libmosquitto1
-
1.4.8-1ubuntu0.16.04.7+esm1
Available with Ubuntu Pro
-
mosquitto
-
1.4.8-1ubuntu0.16.04.7+esm1
Available with Ubuntu Pro
-
libmosquittopp1
-
1.4.8-1ubuntu0.16.04.7+esm1
Available with Ubuntu Pro
-
mosquitto-clients
-
1.4.8-1ubuntu0.16.04.7+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.