Description
Security update for zeromq
This update for zeromq fixes the following issues:
- CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain remote code execution. (bsc#1140255)
Package list
Image SLES12-SP5-Azure-BYOS
libzmq3-4.0.4-15.3.1
Image SLES12-SP5-Azure-HPC-BYOS
libzmq3-4.0.4-15.3.1
Image SLES12-SP5-Azure-SAP-BYOS
libzmq3-4.0.4-15.3.1
Image SLES12-SP5-EC2-BYOS
libzmq3-4.0.4-15.3.1
Image SLES12-SP5-EC2-SAP-BYOS
libzmq3-4.0.4-15.3.1
Image SLES12-SP5-GCE-BYOS
libzmq3-4.0.4-15.3.1
Image SLES12-SP5-GCE-SAP-BYOS
libzmq3-4.0.4-15.3.1
SUSE Enterprise Storage 4
libzmq3-4.0.4-15.3.1
SUSE Enterprise Storage 5
libzmq3-4.0.4-15.3.1
SUSE Linux Enterprise Desktop 12 SP4
libzmq3-4.0.4-15.3.1
SUSE Linux Enterprise Module for Advanced Systems Management 12
libzmq3-4.0.4-15.3.1
SUSE Linux Enterprise Point of Sale 12 SP2
libzmq3-4.0.4-15.3.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libzmq3-4.0.4-15.3.1
zeromq-devel-4.0.4-15.3.1
SUSE Linux Enterprise Workstation Extension 12 SP4
libzmq3-4.0.4-15.3.1
SUSE Manager Client Tools 12
libzmq3-4.0.4-15.3.1
SUSE Manager Proxy 3.2
libzmq3-4.0.4-15.3.1
SUSE Manager Server 3.2
libzmq3-4.0.4-15.3.1
References
- Link for SUSE-SU-2019:1785-1
- E-Mail link for SUSE-SU-2019:1785-1
- SUSE Security Ratings
- SUSE Bug 1140255
- SUSE CVE CVE-2019-13132 page
Description
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
Affected products
Image SLES12-SP5-Azure-BYOS:libzmq3-4.0.4-15.3.1
Image SLES12-SP5-Azure-HPC-BYOS:libzmq3-4.0.4-15.3.1
Image SLES12-SP5-Azure-SAP-BYOS:libzmq3-4.0.4-15.3.1
Image SLES12-SP5-EC2-BYOS:libzmq3-4.0.4-15.3.1
References
- CVE-2019-13132
- SUSE Bug 1140255