advisories/27256.adv

type: security
subject: Updated zeromq packages fix security vulnerability
CVE:
 - CVE-2020-15166
src:
  7:
   core:
     - zeromq-4.3.3-1.1.mga7
     - cppzmq-4.3.0-2.2.mga7
description: |
  If a raw TCP socket is opened and connected to an endpoint that is fully
  configured with CURVE/ZAP, legitimate clients will not be able to exchange any
  message. Handshakes complete successfully, and messages are delivered to the
  library, but the server application never receives them (CVE-2020-15166).
  
  Also, the cppzmq package has been rebuilt against the updated zeromq library.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=27256
 - https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
ID: MGASA-2020-0367
1	type: security
2	subject: Updated zeromq packages fix security vulnerability
3	CVE:
4	- CVE-2020-15166
5	src:
6	7:
7	core:
8	- zeromq-4.3.3-1.1.mga7
9	- cppzmq-4.3.0-2.2.mga7
10	description: \|
11	If a raw TCP socket is opened and connected to an endpoint that is fully
12	configured with CURVE/ZAP, legitimate clients will not be able to exchange any
13	message. Handshakes complete successfully, and messages are delivered to the
14	library, but the server application never receives them (CVE-2020-15166).
15
16	Also, the cppzmq package has been rebuilt against the updated zeromq library.
17	references:
18	- https://bugs.mageia.org/show_bug.cgi?id=27256
19	- https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
20	ID: MGASA-2020-0367