
A security update has been released for Mosquitto, package version 1.5.7-1+deb10u2, on Debian GNU/Linux 10 (Buster) Extended LTS. The update addresses CVE-2024-10525, an out-of-bounds memory access that can occur when a malicious broker sends a crafted SUBACK packet to a client using libmosquitto and the client acts on it in its on_subscribe callback. The mosquitto_sub and mosquitto_rr clients are affected.

ELA-1536-1 mosquitto security update





Package : mosquitto
Version : 1.5.7-1+deb10u2 (buster)

Related CVEs :
CVE-2024-10525

CVE-2024-10525
If a malicious broker sends a crafted SUBACK packet with no reason codes, a
client using libmosquitto may make an out-of-bounds memory access when acting
in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr
clients.
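
The check that closes this class of bug, as an added example (not Mosquitto's code or the Debian patch): validate the SUBACK framing and refuse to index the reason-code array when it is empty. It assumes MQTT 3.1.1 framing (no properties field); the function names, error constants and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { SUBACK_MALFORMED = -1, SUBACK_NO_CODES = -2 };

/* Constructed sample packets (MQTT 3.1.1 framing, packet id 1). */
static const uint8_t PKT_OK[]       = {0x90, 0x03, 0x00, 0x01, 0x01}; /* one code: QoS 1 */
static const uint8_t PKT_NO_CODES[] = {0x90, 0x02, 0x00, 0x01};       /* empty payload */
static const uint8_t PKT_TRUNC[]    = {0x90, 0x03, 0x00, 0x01};       /* length field lies */

/* Validate a SUBACK; returns the number of reason codes (>= 1) or a negative error. */
static int parse_suback(const uint8_t *buf, size_t len,
                        uint16_t *mid, const uint8_t **codes)
{
    size_t pos = 1, remaining = 0;
    int shift = 0;
    uint8_t byte;
    if (buf == NULL || len < 2 || buf[0] != 0x90) return SUBACK_MALFORMED;
    do { /* remaining length: 1 to 4 bytes, 7 bits each */
        if (pos >= len || shift > 21) return SUBACK_MALFORMED;
        byte = buf[pos++];
        remaining |= (size_t)(byte & 0x7F) << shift;
        shift += 7;
    } while (byte & 0x80);
    if (remaining != len - pos || remaining < 2) return SUBACK_MALFORMED;
    *mid = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    if (remaining == 2) { *codes = NULL; return SUBACK_NO_CODES; }
    *codes = buf + pos + 2;
    return (int)(remaining - 2);
}

/* Guard for an on_subscribe-style handler: first granted QoS, or a negative error. */
static int first_granted_qos(const uint8_t *buf, size_t len)
{
    uint16_t mid;
    const uint8_t *codes;
    int count = parse_suback(buf, len, &mid, &codes);
    if (count < 1) return count;   /* never touch codes[0] on an empty list */
    return codes[0];
}

int main(void)
{
    printf("ok=%d empty=%d truncated=%d\n", first_granted_qos(PKT_OK, sizeof PKT_OK),
           first_granted_qos(PKT_NO_CODES, sizeof PKT_NO_CODES),
           first_granted_qos(PKT_TRUNC, sizeof PKT_TRUNC));
    return 0;
}
```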

