Package "zeromq3"
Name: zeromq3
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- lightweight messaging kernel (shared library)
- lightweight messaging kernel (debugging symbols)
- lightweight messaging kernel (development files)
Latest version: 4.0.4+dfsg-2ubuntu0.1
Release: trusty (14.04)
Level: security
Repository: universe
Changelog
zeromq3 (4.0.4+dfsg-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: man-in-the-middle attackers to conduct
    downgrade attacks via a crafted connection request.
    - debian/patches/CVE-2014-7202.patch: Solution: accept only the
      mechanism defined by the socket options.
    - CVE-2014-7202
  * SECURITY UPDATE: man-in-the-middle attackers to conduct replay
    attacks via unspecified vectors.
    - debian/patches/CVE-2014-7203.patch: Solution: ensure message
      short nonces are strictly increasing and validate them.
    - CVE-2014-7203
  * SECURITY UPDATE: remote attackers to conduct downgrade attacks
    and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2
    or earlier header.
    - debian/patches/CVE-2014-9721.patch: Solution: if security is
      defined on a socket, reject all V2 and earlier connections,
      unconditionally.
    - CVE-2014-9721

 -- Eduardo Barretto <email address hidden> Tue, 07 Aug 2018 10:52:48 -0300

CVE-2014-7202: stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connec
CVE-2014-7203: libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks
CVE-2014-9721: libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a