Overview

File _patchinfo of Package patchinfo.16378

<patchinfo incident="16378">
  <issue tracker="bnc" id="1176259">VUL-1: zeromq: libzmq - Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP</issue>
  <issue tracker="bnc" id="1176258">VUL-0: zeromq: libzmq - Stack overflow on server running PUB/XPUB socket (CURVE disabled)</issue>
  <issue tracker="bnc" id="1176256">VUL-0: zeromq:  libzmq - Heap overflow when receiving malformed ZMTP v1 packets</issue>
  <issue tracker="bnc" id="1176257">VUL-1: zeromq:  libzmq - Memory leak in client induced by malicious server(s) without CURVE/ZAP</issue>
  <issue tracker="cve" id="2020-15166"/>
  <issue tracker="bnc" id="1176116">VUL-0: EMBARGOED: CVE-2020-15166: zeromq: zeromq connects peer before handshake is completed</issue>
  <packager>adamm</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for zeromq</summary>
  <description>This update for zeromq fixes the following issues:

- CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116).
- Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256)
- Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257)
- Fixed memory leak when processing PUB messages with metadata (bsc#1176259)
- Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places