Security update for zeromq
This update for zeromq fixes the following issues:
- CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116).
- Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256).
- Fixed a memory leak in the client induced by malicious server(s) without CURVE/ZAP (bsc#1176257).
- Fixed a memory leak when processing PUB messages with metadata (bsc#1176259).
- Fixed a stack overflow in the PUB/XPUB subscription store (bsc#1176258).
This update was imported from the SUSE:SLE-15:Update update project.
Submitted by Adam Majer (adamm)
Fixed bugs
- bnc#1176259: VUL-1: zeromq: libzmq - Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP
- bnc#1176258: VUL-0: zeromq: libzmq - Stack overflow on server running PUB/XPUB socket (CURVE disabled)
- bnc#1176256: VUL-0: zeromq: libzmq - Heap overflow when receiving malformed ZMTP v1 packets
- bnc#1176257: VUL-1: zeromq: libzmq - Memory leak in client induced by malicious server(s) without CURVE/ZAP
- bnc#1176116: VUL-0: EMBARGOED: CVE-2020-15166: zeromq: zeromq connects peer before handshake is completed