Advisories » MGASA-2020-0367

Updated zeromq packages fix security vulnerability

Publication date: 15 Sep 2020
Modification date: 15 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-15166

Description

If a raw TCP socket is opened and connected to an endpoint that is fully
configured with CURVE/ZAP, legitimate clients will not be able to exchange any
message. Handshakes complete successfully, and messages are delivered to the
library, but the server application never receives them (CVE-2020-15166).

Also, the cppzmq package has been rebuilt against the updated zeromq library.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27256
• https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15166

SRPMS

7/core

• zeromq-4.3.3-1.1.mga7
• cppzmq-4.3.0-2.2.mga7