FreeBSD Bugzilla – Attachment 157428 Details for Bug 200502
net/libzmq4: Update to 4.1.2 (And fix CVE-2014-9721)
[patch] security/vuxml entry for libzmq4 and CVE-2014-9721
libzmq4-vuxml2.diff (text/plain), 1.46 KB, created by Jason Unovitch on 2015-06-05 01:58:11 UTC
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 388559) >+++ security/vuxml/vuln.xml (working copy) >@@ -57,6 +57,37 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="10a6d0aa-0b1c-11e5-bb90-002590263bf5"> >+ <topic>libzmq4 -- V3 protocol handler vulnerable to downgrade attacks</topic> >+ <affects> >+ <package> >+ <name>libzmq4</name> >+ <range><ge>4.0.0</ge><lt>4.0.6</lt></range> >+ <range><ge>4.1.0</ge><lt>4.1.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Pieter Hintjens reports:</p> >+ <blockquote cite="https://github.com/zeromq/libzmq/issues/1273"> >+ <p>It is easy to bypass the security mechanism in 4.1.0 and 4.0.5 by >+ sending a ZMTP v2 or earlier header. The library accepts such >+ connections without applying its security mechanism.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2014-9721</cvename> >+ <url>https://github.com/zeromq/libzmq/issues/1273</url> >+ <mlist>http://www.openwall.com/lists/oss-security/2015/05/07/8</mlist> >+ <freebsdpr>200502</freebsdpr> >+ </references> >+ <dates> >+ <discovery>2014-12-04</discovery> >+ <entry>2015-06-05</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="e69af246-0ae2-11e5-90e4-d050996490d0"> > <topic>pcre -- multiple vulnerabilities</topic> > <affects>
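Review bot: The upper bounds in the two `<range>` elements of the `<affects>` block (`<lt>4.0.6</lt>` and `<lt>4.1.1</lt>`) are not backed by anything in the entry itself. The quoted report names only 4.1.0 and 4.0.5 as bypassable, and none of the `<references>` identifies the release or commit that carries the fix. Please add a `<url>` for the fixing release notes or commit so the bounds can be checked. Also confirm that the lower bound `<ge>4.0.0</ge>` is intended to cover every 4.0.x release rather than only 4.0.5. Because the bug title moves the port to 4.1.2, it is worth double-checking that no version the ports tree shipped between the stated bounds and 4.1.2 is left unmarked while still vulnerable.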
Flags: delphij: maintainer-approval+
Attachments on bug 200502: 157421 | 157422 | 157427 | 157428 | 157449 | 157450