Publishing details
Changelog
zeromq3 (4.0.4+dfsg-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: man-in-the-middle attackers to conduct
downgrade attacks via a crafted connection request.
- debian/patches/CVE-2014-7202.patch: Solution: accept only the
mechanism defined by the socket options.
- CVE-2014-7202
* SECURITY UPDATE: man-in-the-middle attackers to conduct replay
attacks via unspecified vectors.
- debian/patches/CVE-2014-7203.patch: Solution: ensure message
short nonces are strictly increasing and validate them.
- CVE-2014-7203
* SECURITY UPDATE: remote attackers to conduct downgrade attacks
and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2
or earlier header.
- debian/patches/CVE-2014-9721.patch: Solution: if security is
defined on a socket, reject all V2 and earlier connections,
unconditionally.
- CVE-2014-9721
-- Eduardo Barretto <email address hidden> Tue, 07 Aug 2018 10:52:48 -0300
Builds
Built packages
-
libzmq3
lightweight messaging kernel (shared library)
-
libzmq3-dbg
lightweight messaging kernel (debugging symbols)
-
libzmq3-dbgsym
debug symbols for package libzmq3
-
libzmq3-dev
lightweight messaging kernel (development files)
-
libzmq3-dev-dbgsym
debug symbols for package libzmq3-dev
Package files