ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2025.0106
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2025-0106)
Resumen:	The remote host is missing an update for the 'mosquitto' package(s) announced via the MGASA-2025-0106 advisory.
Descripción:	Summary: The remote host is missing an update for the 'mosquitto' package(s) announced via the MGASA-2025-0106 advisory. Vulnerability Insight: The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. Affected Software/OS: 'mosquitto' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-28366 Debian Security Information: DSA-5511 (Google Search) https://www.debian.org/security/2023/dsa-5511 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ2FMBGVVQEQWTTQB7YLKTAHMX2UM66X/ https://security.gentoo.org/glsa/202401-09 https://github.com/eclipse/mosquitto/compare/v2.0.15...v2.0.16 https://www.compass-security.com/fileadmin/Research/Advisories/2023_02_CSNC-2023-001_Eclipse_Mosquitto_Memory_Leak.txt
Copyright	Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.