Mageia 7 & 8 MGASA-2021-0159 Critical: Zeromq Memory Leak & Overflow
mageia
March 30, 2021
Memory leak in client induced by malicious server without CURVE/ZAP (rhbz#1921972)
Summary
Memory leak in client induced by malicious server without CURVE/ZAP (rhbz#1921972). Stack overflow on server running PUB/XPUB socket (rhbz#1921976).
References
- https://bugs.mageia.org/show_bug.cgi?id=28320
- https://lists.zeromq.org/pipermail/zeromq-announce/2021-January/000068.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A73URKLEFEB5USSGSLKTP7XWE5JUKSB7/
Resolution
SRPMS
- 8/core/zeromq-4.3.4-1.1.mga8
- 8/core/cppzmq-4.7.1-1.1.mga8
- 7/core/zeromq-4.3.4-1.1.mga7
- 7/core/cppzmq-4.3.0-2.4.mga7
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 30 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0159.html
Type: security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!