SUSE Package Hub - openSUSE-2019-237

Update Info

openSUSE-2019-237

Security update for mosquitto

Type: security

Severity: low

Issued: 2019-02-23

Description:

This update for mosquitto fixes the following issues:

Security issues fixed: 

- CVE-2018-12546: Fixed an issue with revoked access to topics (bsc#1125019).
- CVE-2018-12551: Fixed an issue which allowed malformed data in the password file to be treated as valid (bsc#1125020).
- CVE-2018-12550: Fixed an an issue which treats an empty ACL file  wrongly (bsc#1125021).

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

CVE: CVE-2018-12551
CVE: CVE-2018-12550
CVE: CVE-2018-12546
Bugzilla: 1125021 VUL-1: CVE-2018-12550: mosquitto: ACL file mistreated
Bugzilla: 1125020 VUL-1: CVE-2018-12551: mosquitto: malformed data in the password file treated as valid
Bugzilla: 1125019 VUL-1: CVE-2018-12546: mosquitto: issue with revoked access to topic

Packages

mosquitto-1.4.15-bp150.3.3.1