[zeromq-dev] Remote code execution in libzmq 4.2.0 -> 4.3.0

Luca Boccassi luca.boccassi at gmail.com
Mon Jan 14 10:55:42 CET 2019


On Sat, 2019-01-12 at 18:40 +0000, Luca Boccassi wrote:
> Hi,
> 
> Please note that a remote execution vulnerability has been uncovered,
> it affects all versions of libzmq from 4.2.0 up to and including
> 4.3.0.
> 
> Users deploying with ASLR and/or CURVE/GSSAPI are not affected.
> Deployments of public endpoints without any of those mitigations are
> strongly encouraged to update as soon as possible.
> 
> See release announcement for details and links:
> 
> https://lists.zeromq.org/pipermail/zeromq-announce/2019-January/00005
> 8.html

This issue has been assigned CVE-2019-6250.

-- 
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20190114/b88a4206/attachment.sig>


More information about the zeromq-dev mailing list