
[SECURITY] [DLA 1525-1] mosquitto security update




Package        : mosquitto
Version        : 1.3.4-2+deb8u3
CVE ID         : CVE-2017-7653 CVE-2017-7654 CVE-2017-9868


CVE-2017-7653

    Because invalid UTF-8 strings are not correctly checked, an attacker
    could cause a denial of service to other clients by disconnecting
    them from the broker with specially crafted topics.


CVE-2017-7654

    Due to a memory leak, unauthenticated clients can send specially crafted
    CONNECT packets which could cause a denial of service in the broker.


CVE-2017-9868

    Due to wrong file permissions, local users could obtain topic
    information from the mosquitto database.


For Debian 8 "Jessie", these problems have been fixed in version
1.3.4-2+deb8u3.

We recommend that you upgrade your mosquitto packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


