*** This bug is a security vulnerability ***

Public security bug reported:

Dear Maintainer,

A remote execution vulnerability has been reported in zeromq. Full
details can be found on the upstream issue tracker [1].

The issue is fixed in upstream version v4.3.1, just released, or with
the attached patch which is targeted for v4.2.5 (bionic and cosmic).

The latest version will hopefully arrive in disco via Debian unstable
soon, but I would recommend patching older releases.

As mentioned in the upstream tracker and the changelog, the issue can be
mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am
aware no CVEs have been assigned nor have been requested as of now.

** Affects: zeromq3 (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "backported patch for 4.2.5"
   https://bugs.launchpad.net/bugs/1811531/+attachment/5228726/+files/pointer_overflow.patch

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1811531

Title:
  remote execution vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
