stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3" }, { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3-dbg" }, { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3-dbgsym" }, { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3-dev" }, { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3-dev-dbgsym" } ] }