===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0806
mqtt-client security update
8 March 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: mqtt-client
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-0222
Reference: ESB-2020.1335
Original Bulletin:
https://www.debian.org/lts/security/2021/dla-2582
--------------------------BEGIN INCLUDED TEXT--------------------
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2582-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
March 05, 2021 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : mqtt-client
Version : 1.14-1+deb9u1
CVE ID : CVE-2019-0222
Debian Bug : 925964
A vulnerability was discovered in mqtt-client where unmarshalling a
corrupt MQTT frame can lead to a broker Out of Memory exception, making
it unresponsive.
For Debian 9 stretch, this problem has been fixed in version
1.14-1+deb9u1.
We recommend that you upgrade your mqtt-client packages.
For the detailed security status of mqtt-client please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mqtt-client
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
--------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================