Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 33: 2021-8b3202b783 Low: zeromq Buffer Overflow Risk

fedora
Calendar Grey February 7, 2021
Dist Fedora Esm H88
Fedora 33 users, a vital upgrade alert has been released for zeromq, featuring key bug fixes and performance upgrades essential for enhancing system stability and functionality
- Upstream upgrade - Fixes #1921879, #1921972, #1921973, #1921975, #1921976, #1921979, #1921981, #1921983, #1921983, #1921985, #1921987, #1921989, #1921992, #1921994

Summary

The 0MQ lightweight messaging kernel is a library which extends the

standard socket interfaces with features traditionally provided by

specialized messaging middle-ware products. 0MQ sockets provide an

abstraction of asynchronous message queues, multiple messaging

patterns, message filtering (subscriptions), seamless access to

multiple transport protocols and more.

This package contains the ZeroMQ shared library.

- Upstream upgrade - Fixes #1921879, #1921972, #1921973, #1921975, #1921976,

#1921979, #1921981, #1921983, #1921983, #1921985, #1921987, #1921989, #1921992,

#1921994

* Sat Jan 30 2021 Denis Arnaud - 4.3.4-1

- Upstream upgrade

- Fixes #1921879, #1921972, #1921973, #1921975, #1921976, #1921979, #1921981,

- #1921983, #1921983, #1921985, #1921987, #1921989, #1921992, #1921994

[ 1 ] Bug #1921972 - zeromq: Memory leak in client induced by malicious server without CURVE/ZAP

https://bugzilla.redhat.com/show_bug.cgi?id=1921972

[ 2 ] Bug #1921976 - zeromq: Stack overflow on server running PUB/XPUB socket

https://bugzilla.redhat.com/show_bug.cgi?id=1921976

[ 3 ] Bug #1921983 - zeromq: Heap overflow when receiving malformed ZMTP v1 packets

https://bugzilla.redhat.com/show_bug.cgi?id=1921983

[ 4 ] Bug #1921989 - zeromq: Memory leaks via metadata messages processed by PUB sockets

https://bugzilla.redhat.com/show_bug.cgi?id=1921989

su -c 'dnf upgrade --advisory FEDORA-2021-8b3202b783' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora update information vulnerability low severity memory issue bug fixes zeromq

Change Log

References

Update Instructions

Severity
low
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 4.3.4
Release: 1.fc33
URL: https://zeromq.org
Summary: Software library for fast, message-based applications

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora update information vulnerability low severity memory issue bug fixes zeromq

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here