Linux Security
    Linux Security
    Linux Security

    Mageia 2020-0367: zeromq security update

    Date
    145
    Posted By
    If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them (CVE-2020-15166).
    MGASA-2020-0367 - Updated zeromq packages fix security vulnerability
    
    Publication date: 15 Sep 2020
    URL: https://advisories.mageia.org/MGASA-2020-0367.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-15166
    
    If a raw TCP socket is opened and connected to an endpoint that is fully
    configured with CURVE/ZAP, legitimate clients will not be able to exchange any
    message. Handshakes complete successfully, and messages are delivered to the
    library, but the server application never receives them (CVE-2020-15166).
    
    Also, the cppzmq package has been rebuilt against the updated zeromq library.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27256
    - https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15166
    
    SRPMS:
    - 7/core/zeromq-4.3.3-1.1.mga7
    - 7/core/cppzmq-4.3.0-2.2.mga7
    

    Advisories

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.