==========================================================================
Ubuntu Security Notice USN-4137-1
September 23, 2019

Mosquitto vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04

Summary:

Mosquitto could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
– mosquitto: MQTT version 3.1/3.1.1 compatible message broker

Details:

It was discovered that Mosquitto incorrectly handled certain specially crafted
input and network packets. A remote attacker could use this to cause a denial
of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libmosquitto1 1.5.7-1ubuntu0.1
libmosquittopp1 1.5.7-1ubuntu0.1
mosquitto 1.5.7-1ubuntu0.1
mosquitto-clients 1.5.7-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4137-1
CVE-2019-11779

Package Information:
https://launchpad.net/ubuntu/+source/mosquitto/1.5.7-1ubuntu0.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl2JFp4ACgkQdyg1Qz0o
XX243A/+MRkiT7Ho6Zfj8E5vqTBqA/zLwgBPm29Jj07p2cFyKymLs8nIAGoDGBCE
lpqKE+SksIZkL9jxUtWJrqkGc+RXzoAh+BXb5GTiaSfCIMU5HmAzvP66GYiW80Zm
IAUzYpniSCWrDRiMpOVkug+1CRWv/duwr6gdEqdihNkgb48WkFQyhpS+EFjIflXg
iqcrv1bi5z733hJblbMGujeg2Ij3B2Iia1kD2vxFbDnOMMXW9gxTaMXRFlMKRacP
uNmMhVVPceeZ+M8nXJpMAykS/PeQpg1RFW4R6xHg0kRo/a8K/nHyB1f/AgldPjPx
C8/5xcwKhHhrAT4O1uORq3WG3ITgYhZH7jgsDcrqIs85YNO5GYpTeR3Txx+YrCf6
5GQ3KnOaxi4scdmP9bb+CqM6EAtHXDFEjK+kQ5CucmJPOPkBnCGnE8GPnwWgyIsx
jNujxH2NwbRktnFlRcuDEHksCZmbVairqXXYDm1l5hnqVIJ1dVbHTxpDr5Lzmquj
eLeR7/gylAR+u7i6XvC7rkgFOb5mbmDIyDdYfm9O47thMR+FPMZkLi7URsvtuSs5
VWDhPWbYJ734KcUo3QmyZUXV1AvaR9LWsCCFaSyrK+fM7hT93f0hHjNVzw11yDSd
+b6dxSxbTIgb7kJRr4IC5z3hW5XB98TwucC4rLPdLyEi/F0CUpk=
=M9sS
—–END PGP SIGNATURE—–
—