** Bug watch added: github.com/zeromq/libzmq/issues #3351
   https://github.com/zeromq/libzmq/issues/3351

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to zeromq3 in Ubuntu.
https://bugs.launchpad.net/bugs/1811531

Title:
  remote execution vulnerability

Status in zeromq3 package in Ubuntu:
  New
Status in zeromq3 package in Debian:
  Fix Released
Status in zeromq package in Suse:
  Confirmed

Bug description:
  Dear Maintainer,

  A remote execution vulnerability has been reported in zeromq. Full
  details can be found on the upstream issue tracker [1].

  The issue is fixed in upstream version v4.3.1, just released, or with
  the attached patch which is targeted for v4.2.5 (bionic and cosmic).

  The latest version will hopefully arrive in disco via debian unstable
  soon, but I would recommend patching older releases.

  As mentioned in the upstream tracker and the changelog, the issue can
  be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as
  I am aware no CVEs have been assigned nor have been requested as of
  now.

  [1] https://github.com/zeromq/libzmq/issues/3351

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to