Описание
Security update for zeromq
zeromq was updated to fix one security issue and one non-security bug.
The following vulnerability was fixed:
- CVE-2014-9721: zeromq protocol downgrade attack on sockets using the ZMTP v3 protocol (boo#931978)
The following bug was fixed:
- boo#912460: avoid curve test to hang for ppc ppc64 ppc64le architectures
Список пакетов
SUSE Enterprise Storage 1.0
libzmq3-4.0.4-13.1
SUSE Linux Enterprise Desktop 12
libzmq3-4.0.4-13.1
SUSE Linux Enterprise Software Development Kit 12
libzmq3-4.0.4-13.1
zeromq-devel-4.0.4-13.1
SUSE Linux Enterprise Workstation Extension 12
libzmq3-4.0.4-13.1
Ссылки
- Link for SUSE-SU-2015:1510-1
- E-Mail link for SUSE-SU-2015:1510-1
- SUSE Security Ratings
- SUSE Bug 912460
- SUSE Bug 931978
- SUSE CVE CVE-2014-9721 page
Описание
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
Затронутые продукты
SUSE Enterprise Storage 1.0:libzmq3-4.0.4-13.1
SUSE Linux Enterprise Desktop 12:libzmq3-4.0.4-13.1
SUSE Linux Enterprise Software Development Kit 12:libzmq3-4.0.4-13.1
SUSE Linux Enterprise Software Development Kit 12:zeromq-devel-4.0.4-13.1
Ссылки
- CVE-2014-9721
- SUSE Bug 931978