[SECURITY] [DLA 2793-1] mosquitto security update

2021-10-2714:58:27

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

59.0%

JSON

Debian LTS Advisory DLA-2793-1 [email protected]
https://www.debian.org/lts/security/ Anton Gladky
October 26, 2021 https://wiki.debian.org/LTS

Package : mosquitto
Version : 1.4.10-3+deb9u5
CVE ID : CVE-2017-7655

One security issue has been discovered in mosquitto: MQTT message broker.
A null dereference vulnerability was found which could lead to crashes for
applications using the library.

For Debian 9 stretch, this problem has been fixed in version
1.4.10-3+deb9u5.

We recommend that you upgrade your mosquitto packages.

For the detailed security status of mosquitto please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mosquitto

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9armellibmosquitto1< 1.4.10-3+deb9u5libmosquitto1_1.4.10-3+deb9u5_armel.deb
Debian8armhfmosquitto-dbg< 1.3.4-2+deb8u4mosquitto-dbg_1.3.4-2+deb8u4_armhf.deb
Debian9arm64mosquitto-clients< 1.4.10-3+deb9u5mosquitto-clients_1.4.10-3+deb9u5_arm64.deb
Debian8amd64mosquitto-clients< 1.3.4-2+deb8u4mosquitto-clients_1.3.4-2+deb8u4_amd64.deb
Debian9i386libmosquitto1-dbg< 1.4.10-3+deb9u5libmosquitto1-dbg_1.4.10-3+deb9u5_i386.deb
Debian8amd64mosquitto< 1.3.4-2+deb8u4mosquitto_1.3.4-2+deb8u4_amd64.deb
Debian9armellibmosquittopp1< 1.4.10-3+deb9u5libmosquittopp1_1.4.10-3+deb9u5_armel.deb
Debian9armelmosquitto-clients< 1.4.10-3+deb9u5mosquitto-clients_1.4.10-3+deb9u5_armel.deb
Debian8amd64libmosquittopp1< 1.3.4-2+deb8u4libmosquittopp1_1.3.4-2+deb8u4_amd64.deb
Debian8allmosquitto< 1.3.4-2+deb8u4mosquitto_1.3.4-2+deb8u4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	libmosquitto1	< 1.4.10-3+deb9u5	libmosquitto1_1.4.10-3+deb9u5_armel.deb
Debian	8	armhf	mosquitto-dbg	< 1.3.4-2+deb8u4	mosquitto-dbg_1.3.4-2+deb8u4_armhf.deb
Debian	9	arm64	mosquitto-clients	< 1.4.10-3+deb9u5	mosquitto-clients_1.4.10-3+deb9u5_arm64.deb
Debian	8	amd64	mosquitto-clients	< 1.3.4-2+deb8u4	mosquitto-clients_1.3.4-2+deb8u4_amd64.deb
Debian	9	i386	libmosquitto1-dbg	< 1.4.10-3+deb9u5	libmosquitto1-dbg_1.4.10-3+deb9u5_i386.deb
Debian	8	amd64	mosquitto	< 1.3.4-2+deb8u4	mosquitto_1.3.4-2+deb8u4_amd64.deb
Debian	9	armel	libmosquittopp1	< 1.4.10-3+deb9u5	libmosquittopp1_1.4.10-3+deb9u5_armel.deb
Debian	9	armel	mosquitto-clients	< 1.4.10-3+deb9u5	mosquitto-clients_1.4.10-3+deb9u5_armel.deb
Debian	8	amd64	libmosquittopp1	< 1.3.4-2+deb8u4	libmosquittopp1_1.3.4-2+deb8u4_amd64.deb
Debian	8	all	mosquitto	< 1.3.4-2+deb8u4	mosquitto_1.3.4-2+deb8u4_all.deb