Mageia 2021-0159: zeromq security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
MGASA-2021-0159 - Updated zeromq packages fix security vulnerabilities

Publication date: 30 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0159.html
Type: security
Affected Mageia releases: 7, 8

Memory leak in client induced by malicious server without CURVE/ZAP
(rhbz#1921972).

Stack overflow on server running PUB/XPUB socket (rhbz#1921976).

Heap overflow when receiving malformed ZMTP v1 packets (rhbz#1921983).

Memory leaks via metadata messages processed by PUB sockets (rhbz#1921989).

Also, the cppzmq package has been rebuilt to fix the broken dependency on
zeromq-devel.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28320
- https://lists.zeromq.org/pipermail/zeromq-announce/2021-January/000068.html
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/A73URKLEFEB5USSGSLKTP7XWE5JUKSB7/

SRPMS:
- 8/core/zeromq-4.3.4-1.1.mga8
- 8/core/cppzmq-4.7.1-1.1.mga8
- 7/core/zeromq-4.3.4-1.1.mga7
- 7/core/cppzmq-4.3.0-2.4.mga7

Mageia 2021-0159: zeromq security update

Memory leak in client induced by malicious server without CURVE/ZAP (rhbz#1921972)

Summary

References

- https://bugs.mageia.org/show_bug.cgi?id=28320

- https://lists.zeromq.org/pipermail/zeromq-announce/2021-January/000068.html

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/A73URKLEFEB5USSGSLKTP7XWE5JUKSB7/

Resolution

MGASA-2021-0159 - Updated zeromq packages fix security vulnerabilities

SRPMS

- 8/core/zeromq-4.3.4-1.1.mga8

- 8/core/cppzmq-4.7.1-1.1.mga8

- 7/core/zeromq-4.3.4-1.1.mga7

- 7/core/cppzmq-4.3.0-2.4.mga7

Severity
Publication date: 30 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0159.html
Type: security

Related News

5 Best free to use Linux Server distributions for 2023

New TPM 2.0 Flaws Could Let Hackers Steal Cryptographic Keys

Use Cockpit for Linux Remote Server Administration

X.Org Server Hit By New Local Privilege Escalation Vulnerability

News

Advisories

HOWTOs

Features

Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy