Advisories » MGASA-2019-0323

Updated zeromq packages fix security vulnerability

Publication date: 14 Nov 2019
Modification date: 14 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-13132

Description

A security vulnerability has been reported in libzmq/zeromq.

a remote, unauthenticated client connecting to a libzmq application,
running with a socket listening with CURVE encryption/authentication
enabled, may cause a stack overflow and overwrite the stack with arbitrary
data, due to a buffer overflow in the library. Users running public servers
with the above configuration are highly encouraged to upgrade as soon as
possible, as there are no known mitigations. All versions from 4.0.0 and
upwards are affected (CVE-2019-13132).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25113
• https://www.openwall.com/lists/oss-security/2019/07/08/6
• https://www.debian.org/security/2019/dsa-4477
• https://usn.ubuntu.com/4050-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13132

SRPMS

7/core

• zeromq-4.3.2-1.mga7