========================================================================== Ubuntu Security Notice USN-4023-1 June 20, 2019 mosquitto vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Mosquitto. Software Description: - mosquitto: MQTT version 3.1/3.1.1 compatible message broker Details: It was discovered that Mosquitto broker incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libmosquitto1 1.4.15-2ubuntu0.18.10.3 libmosquittopp1 1.4.15-2ubuntu0.18.10.3 mosquitto 1.4.15-2ubuntu0.18.10.3 mosquitto-clients 1.4.15-2ubuntu0.18.10.3 Ubuntu 18.04 LTS: libmosquitto1 1.4.15-2ubuntu0.18.04.3 libmosquittopp1 1.4.15-2ubuntu0.18.04.3 mosquitto 1.4.15-2ubuntu0.18.04.3 mosquitto-clients 1.4.15-2ubuntu0.18.04.3 Ubuntu 16.04 LTS: libmosquitto1 1.4.8-1ubuntu0.16.04.7 libmosquittopp1 1.4.8-1ubuntu0.16.04.7 mosquitto 1.4.8-1ubuntu0.16.04.7 mosquitto-clients 1.4.8-1ubuntu0.16.04.7 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4023-1 CVE-2017-7653, CVE-2017-7654 Package Information: https://launchpad.net/ubuntu/+source/mosquitto/1.4.15-2ubuntu0.18.10.3 https://launchpad.net/ubuntu/+source/mosquitto/1.4.15-2ubuntu0.18.04.3 https://launchpad.net/ubuntu/+source/mosquitto/1.4.8-1ubuntu0.16.04.7