MGASA-2020-0367 - Updated zeromq packages fix security vulnerability Publication date: 15 Sep 2020 URL: https://advisories.mageia.org/MGASA-2020-0367.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-15166 If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them (CVE-2020-15166). Also, the cppzmq package has been rebuilt against the updated zeromq library. References: - https://bugs.mageia.org/show_bug.cgi?id=27256 - https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15166 SRPMS: - 7/core/zeromq-4.3.3-1.1.mga7 - 7/core/cppzmq-4.3.0-2.2.mga7
Mageia 2020-0367: zeromq security update
If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message
Summary
If a raw TCP socket is opened and connected to an endpoint that is fully
configured with CURVE/ZAP, legitimate clients will not be able to exchange any
message. Handshakes complete successfully, and messages are delivered to the
library, but the server application never receives them (CVE-2020-15166).
Also, the cppzmq package has been rebuilt against the updated zeromq library.
References
- https://bugs.mageia.org/show_bug.cgi?id=27256
- https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15166
Resolution
MGASA-2020-0367 - Updated zeromq packages fix security vulnerability
SRPMS
- 7/core/zeromq-4.3.3-1.1.mga7
- 7/core/cppzmq-4.3.0-2.2.mga7
Severity
Publication date: 15 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0367.html
Type: security
CVE: CVE-2020-15166
News
HOWTOs
About Us
Powered By
