[zeromq-dev] Remote code execution in libzmq 4.2.0 -> 4.3.0

Luca Boccassi luca.boccassi at gmail.com
Sat Jan 12 19:40:31 CET 2019


Hi,

Please note that a remote execution vulnerability has been uncovered,
it affects all versions of libzmq from 4.2.0 up to and including 4.3.0.

Users deploying with ASLR and/or CURVE/GSSAPI are not affected.
Deployments of public endpoints without any of those mitigations are
strongly encouraged to update as soon as possible.

See release announcement for details and links:

https://lists.zeromq.org/pipermail/zeromq-announce/2019-January/000058.html

-- 
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20190112/296c748d/attachment.sig>


More information about the zeromq-dev mailing list