[zeromq-dev] Remote code execution in libzmq 4.2.0 -> 4.3.0
Trevor Bernard
trevor.bernard at gmail.com
Sat Jan 12 21:23:27 CET 2019
Is would be prudent to also back port that RCE fix to 4.2.x
-Trev
On Sat, Jan 12, 2019 at 1:44 PM Luca Boccassi <luca.boccassi at gmail.com> wrote:
>
> Hi,
>
> Please note that a remote execution vulnerability has been uncovered,
> it affects all versions of libzmq from 4.2.0 up to and including 4.3.0.
>
> Users deploying with ASLR and/or CURVE/GSSAPI are not affected.
> Deployments of public endpoints without any of those mitigations are
> strongly encouraged to update as soon as possible.
>
> See release announcement for details and links:
>
> https://lists.zeromq.org/pipermail/zeromq-announce/2019-January/000058.html
>
> --
> Kind regards,
> Luca Boccassi_______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> https://lists.zeromq.org/mailman/listinfo/zeromq-dev
More information about the zeromq-dev
mailing list