Advisories ยป MGASA-2020-0367

Updated zeromq packages fix security vulnerability

Publication date: 15 Sep 2020
Modification date: 15 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-15166


If a raw TCP socket is opened and connected to an endpoint that is fully
configured with CURVE/ZAP, legitimate clients will not be able to exchange any
message. Handshakes complete successfully, and messages are delivered to the
library, but the server application never receives them (CVE-2020-15166).

Also, the cppzmq package has been rebuilt against the updated zeromq library.