Debian Security Advisory

DSA-4388-1 mosquitto -- security update

Date Reported:
10 Feb 2019
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-12546, CVE-2018-12550, CVE-2018-12551.
More information:

Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to for additional information.

For the stable distribution (stretch), these problems have been fixed in version 1.4.10-3+deb9u3.

We recommend that you upgrade your mosquitto packages.

For the detailed security status of mosquitto please refer to its security tracker page at: