Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:1767-1

Опубликовано: 21 июл. 2019
Источник: suse-cvrf

Описание

Security update for zeromq

This update for zeromq fixes the following issues:

  • CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255)

  • Correctly mark license files as licence instead of documentation (bsc#1082318)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
libzmq5-4.2.3-lp151.5.3.1
zeromq-devel-4.2.3-lp151.5.3.1
zeromq-tools-4.2.3-lp151.5.3.1
openSUSE Leap 15.1
libzmq5-4.2.3-lp151.5.3.1
zeromq-devel-4.2.3-lp151.5.3.1
zeromq-tools-4.2.3-lp151.5.3.1

Ссылки

Описание

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.

Затронутые продукты
openSUSE Leap 15.0:libzmq5-4.2.3-lp151.5.3.1
openSUSE Leap 15.0:zeromq-devel-4.2.3-lp151.5.3.1
openSUSE Leap 15.0:zeromq-tools-4.2.3-lp151.5.3.1
openSUSE Leap 15.1:libzmq5-4.2.3-lp151.5.3.1
Ссылки
Уязвимость openSUSE-SU-2019:1767-1