[SECURITY] [DLA 1334-1] mosquitto security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1334-1] mosquitto security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 31 Mar 2018 20:24:19 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1803312014420.14708@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : mosquitto
Version        : 0.15-2+deb7u3
CVE ID         : CVE-2017-7651 CVE-2017-7652


CVE-2017-7651
     A crafted CONNECT packet from an unauthenticated client could
     result in extraordinary memory consumption.

CVE-2017-7652
     In case all sockets/file descriptors are exhausted, a SIGHUP
     signal to reload the configuration could result in default
     config values (especially bad security settings)


For Debian 7 "Wheezy", these problems have been fixed in version
0.15-2+deb7u3.

We recommend that you upgrade your mosquitto packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJav9JTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHXJIQALUMNe9NaCPBKQaTJE3sKo2v
1CIAzcoTwZJzUr/x8zM8Bnompi7kh5j2V4G4GjJyJ31LZheDxRH/k35t1Ba6PAtl
TkTRgO/PVoJKYHIfyUinNvqzsXFpAzld08w5sVlA7zzxmnm6Ppwwdpk6g2hSIoSG
1Z5STvO6eJLiK8u6hXgkqyaY/4eKlfbTe+Fkd35LzoqJPEHNyLHDBsNQk8/VO1xn
3aNjsU7kc07n/qofFKcWZrlSt6L8Q+ucmHeinwOKT8r/H7/DxXr3yqQqXJ/C+/n+
cwjX5KTng5eEy27WmHv41oamaty4qmlM1uf/yX48th8FQdV6AV7uRK2Y+AKsat04
VaZdTBk4AZKn8u7A9jypqoILhU97SJyVO1jvO5Cqe2lP4OrT9J86MWDs496ZtQEb
4Qi6M76LueYoo7iggv67ATQKwXpARS3J8fMEo+0xBC+Oa76m016eotPkUdRpmmMC
08BSzI2tuQG3i4gbbz96u5bhCyGauFcjnWsTHD97MgCGz9LfBywkrk4eippp/sIF
rJMsYNJMfiJfB2L7f2dZ+heinTjM1x4KfKf+LceZiNcHy6SNycUFD0YLs9ZxvK90
/o5Diq8tjlCl6lxr4A3swvl3xxlpC+M9XuPgfWIsnWxKIQ6J+1Qmv4f6RVfNHAJc
cys3l3XIVUAWhqkkuvaF
=qQYi
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1333-1] dovecot security update
Next by Date: [SECURITY] [DLA 1335-1] zsh security update
Previous by thread: [SECURITY] [DLA 1333-1] dovecot security update
Next by thread: [SECURITY] [DLA 1335-1] zsh security update
Index(es):
- Date
- Thread