Описание
Security update for zeromq
This update for zeromq fixes the following issues:
- CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255)
Список пакетов
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
libzmq3-4.0.4-3.3.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
libzmq3-4.0.4-3.3.1
Ссылки
- Link for SUSE-SU-2019:14117-1
- E-Mail link for SUSE-SU-2019:14117-1
- SUSE Security Ratings
- SUSE Bug 1140255
- SUSE CVE CVE-2019-13132 page
Описание
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:libzmq3-4.0.4-3.3.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:libzmq3-4.0.4-3.3.1
Ссылки
- CVE-2019-13132
- SUSE Bug 1140255