[mosquitto-dev] Security advisory : version 2.0.10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[mosquitto-dev] Security advisory : version 2.0.10

From: Roger Light <roger@xxxxxxxxxx>
Date: Tue, 6 Apr 2021 12:06:19 +0100
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mosquitto-dev/>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Dear all,

Version 2.0.10 has been released as a security and bugfix update.

If an authenticated client connected with MQTT v5 sent a malformed
CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault.

Affects versions 2.0.0 to 2.0.9 inclusive.

The changelog and security page will be updated with the CVE number
when it is assigned.

All Mosquitto provided binaries are already updated to 2.0.10.

Regards,

Roger

Prev by Date: Re: [mosquitto-dev] libmosquitto outgoing queue request for comment
Next by Date: [mosquitto-dev] pthreads recommended, optional, ?
Previous by thread: [mosquitto-dev] libmosquitto outgoing queue request for comment
Next by thread: [mosquitto-dev] pthreads recommended, optional, ?
Index(es):
- Date
- Thread

Breadcrumbs