remote execution vulnerability
Bug #1811531 reported by Luca Boccassi
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
zeromq (Suse) | Fix Released | High | | |
zeromq3 (Debian) | Fix Released | Unknown | | |
zeromq3 (Ubuntu) | Fix Released | Undecided | Eduardo Barretto | |
Bug Description
Dear Maintainer,
A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1].
The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic).
The latest version will hopefully arrive in disco via Debian unstable soon, but I would recommend patching older releases.
As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware, no CVEs have been assigned or requested as of now.
CVE References
description: updated
Changed in zeromq (Suse):
importance: Unknown → High
status: Unknown → Confirmed
Changed in zeromq3 (Debian):
status: Unknown → Fix Released
Changed in zeromq (Suse):
status: Confirmed → Unknown
Changed in zeromq3 (Ubuntu):
assignee: nobody → Eduardo dos Santos Barretto (ebarretto)
Changed in zeromq3 (Ubuntu):
status: New → Fix Committed
Changed in zeromq (Suse):
status: Unknown → Fix Released
Also note that this was introduced in 4.2.0, so xenial is not affected.