Advisories ยป MGASA-2021-0159

Updated zeromq packages fix security vulnerabilities

Publication date: 30 Mar 2021
Modification date: 30 Mar 2021
Type: security
Affected Mageia releases : 7 , 8

Description

Memory leak in client induced by malicious server without CURVE/ZAP
(rhbz#1921972).

Stack overflow on server running PUB/XPUB socket (rhbz#1921976).

Heap overflow when receiving malformed ZMTP v1 packets (rhbz#1921983).

Memory leaks via metadata messages processed by PUB sockets (rhbz#1921989).

Also, the cppzmq package has been rebuilt to fix the broken dependency on
zeromq-devel.
                

References

SRPMS

7/core

8/core