Debian DLA-1409-1 : mosquitto security update
Medium Nessus Plugin ID 110818
Synopsis
The remote Debian host is missing a security update.
Description
CVE-2017-7651: Fix to avoid extraordinary memory consumption caused by a crafted CONNECT packet from an unauthenticated client.
CVE-2017-7652: Fix to avoid falling back to default config values after the configuration is reloaded by a SIGHUP signal in case all sockets/file descriptors are exhausted.
For Debian 8 'Jessie', these problems have been fixed in version 1.3.4-2+deb8u2.
We recommend that you upgrade your mosquitto packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected packages.