Reloading mosquitto configuration when sockets are exhausted leads to default security options
Bug #1752124 reported by
Roger Light
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mosquitto (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
If mosquitto has used all of the available sockets/file descriptors and a SIGHUP signal is received to reload the configuration, then the reloading will fail and default options will apply for most of the configuration. This means that security options may be removed.
This bug affects all versions of mosquitto from 1.0 to 1.4.14 inclusive. It is fixed in version 1.4.15.
This has been registered as CVE-2017-7652.
Patches for current versions of mosquitto will be available at https:/
information type: | Private Security → Public Security |
To post a comment you must log in.