forked from pool/zeromq
Adam Majer 3e3b37d5cc - New upstream version 4.3.3:
  * Denial-of-Service on CURVE/ZAP-protected servers by
    unauthenticated clients. (CVE-2020-15166, bsc#1176116)
    If a raw TCP socket is opened and connected to an endpoint that is fully
    configured with CURVE/ZAP, legitimate clients will not be able to exchange
    any message. Handshakes complete successfully, and messages are delivered to
    the library, but the server application never receives them.
    For more information see the security advisory:
    https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
  * Stack overflow on server running PUB/XPUB socket (CURVE disabled).
    The PUB/XPUB subscription store (mtrie) is traversed using recursive
    function calls. In the remove (unsubscription) case, the recursive calls are
    NOT tail calls, so even with optimizations the stack grows linearly with the
    length of a subscription topic. Topics are under the control of remote
    clients - they can send a subscription to arbitrary length topics. An
    attacker can thus cause a server to create an mtrie sufficiently large such
    that, when unsubscribing, traversal will cause a stack overflow.
    For more information see the security advisory:
    https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
  * Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
    Messages with metadata are never processed by PUB sockets, but the metadata
    is kept referenced in the PUB object and never freed.
    For more information see the security advisory:
    https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
  * Memory leak in client induced by malicious server(s) without CURVE/ZAP.
    When a pipe processes a delimiter and is already not in active state but
    still has an unfinished message, the message is leaked.
    For more information see the security advisory:
    https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
  * Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zeromq?expand=0&rev=74
2020-09-07 17:11:05 +00:00
.gitattributes Accepting request 85003 from network:messaging 2011-09-27 07:39:43 +00:00
.gitignore Accepting request 85003 from network:messaging 2011-09-27 07:39:43 +00:00
baselibs.conf Accepting request 621882 from home:dimstar:Factory 2018-07-10 12:25:12 +00:00
zeromq-4.3.3.tar.gz - New upstream version 4.3.3: 2020-09-07 17:11:05 +00:00
zeromq.changes - New upstream version 4.3.3: 2020-09-07 17:11:05 +00:00
zeromq.spec - New upstream version 4.3.3: 2020-09-07 17:11:05 +00:00