[Buildroot] [PATCH] mosquitto: security bump to version 1.4.15
Peter Korsgaard
peter at korsgaard.com
Tue Apr 10 20:51:15 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT
> packet which causes large amounts of memory use in the broker. If multiple
> clients do this, an out of memory situation can occur and the system may
> become unresponsive or the broker will be killed by the operating system.
> The fix addresses the problem by limiting the permissible size for CONNECT
> packet, and by adding a memory_limit configuration option that allows the
> broker to self limit the amount of memory it uses.
> The hash of new tarball is not (yet) available through download.php, so use
> a locally calculated hash.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list