1 |
type: security |
2 |
subject: Updated zeromq packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2020-15166 |
5 |
src: |
6 |
7: |
7 |
core: |
8 |
- zeromq-4.3.3-1.1.mga7 |
9 |
- cppzmq-4.3.0-2.2.mga7 |
10 |
description: | |
11 |
If a raw TCP socket is opened and connected to an endpoint that is fully |
12 |
configured with CURVE/ZAP, legitimate clients will not be able to exchange any |
13 |
message. Handshakes complete successfully, and messages are delivered to the |
14 |
library, but the server application never receives them (CVE-2020-15166). |
15 |
|
16 |
Also, the cppzmq package has been rebuilt against the updated zeromq library. |
17 |
references: |
18 |
- https://bugs.mageia.org/show_bug.cgi?id=27256 |
19 |
- https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m |
20 |
ID: MGASA-2020-0367 |