openSUSE-SU-2020:1907-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:1907-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:1907-1
Related
Published
2020-11-13T13:26:15Z
Modified
2020-11-13T13:26:15Z
Summary
Security update for zeromq
Details

This update for zeromq fixes the following issues:

  • CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116).
  • Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256)
  • Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257)
  • Fixed memory leak when processing PUB messages with metadata (bsc#1176259)
  • Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258)

This update was imported from the SUSE:SLE-15:Update update project.

References

Affected packages

openSUSE:Leap 15.1 / libunwind

Package

Name
libunwind
Purl
purl:rpm/suse/libunwind&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.1-lp151.4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "zeromq-tools": "4.2.3-lp151.5.6.1",
            "libunwind-devel": "1.2.1-lp151.4.3.1",
            "zeromq-devel": "4.2.3-lp151.5.6.1",
            "libunwind-32bit": "1.2.1-lp151.4.3.1",
            "libzmq5": "4.2.3-lp151.5.6.1",
            "libunwind": "1.2.1-lp151.4.3.1"
        }
    ]
}

openSUSE:Leap 15.1 / zeromq

Package

Name
zeromq
Purl
purl:rpm/suse/zeromq&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.3-lp151.5.6.1

Ecosystem specific

{
    "binaries": [
        {
            "zeromq-tools": "4.2.3-lp151.5.6.1",
            "libunwind-devel": "1.2.1-lp151.4.3.1",
            "zeromq-devel": "4.2.3-lp151.5.6.1",
            "libunwind-32bit": "1.2.1-lp151.4.3.1",
            "libzmq5": "4.2.3-lp151.5.6.1",
            "libunwind": "1.2.1-lp151.4.3.1"
        }
    ]
}