Package "libzmq3"
Name: libzmq3
Description: lightweight messaging kernel (shared library)
Latest version: 4.0.4+dfsg-2ubuntu0.1
Release: trusty (14.04)
Level: security
Repository: universe
Head package: zeromq3
Homepage: http://www.zeromq.org/
Changelog
zeromq3 (4.0.4+dfsg-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: man-in-the-middle attackers to conduct
    downgrade attacks via a crafted connection request.
    - debian/patches/CVE-2014-7202.patch: Solution: accept only the
      mechanism defined by the socket options.
    - CVE-2014-7202
  * SECURITY UPDATE: man-in-the-middle attackers to conduct replay
    attacks via unspecified vectors.
    - debian/patches/CVE-2014-7203.patch: Solution: ensure message
      short nonces are strictly increasing and validate them.
    - CVE-2014-7203
  * SECURITY UPDATE: remote attackers to conduct downgrade attacks
    and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2
    or earlier header.
    - debian/patches/CVE-2014-9721.patch: Solution: if security is
      defined on a socket, reject all V2 and earlier connections,
      unconditionally.
    - CVE-2014-9721

 -- Eduardo Barretto <email address hidden>  Tue, 07 Aug 2018 10:52:48 -0300
CVE-2014-7202: stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connec
CVE-2014-7203: libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks
CVE-2014-9721: libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a