Skip to content

libzmq 4.0.9
Compare
Choose a tag to compare
@bluca bluca released this 08 Jul 16:34
· 7 commits to master since this release
v4.0.9
This tag was signed with the committer’s verified signature. The key has been revoked.
bluca Luca Boccassi
GPG key ID: 4B29668050785162
Revoked
Learn about vigilant mode.
28625e3

0MQ version 4.0.9 stable, released on 2019/07/08

  • CVE-2019-13132: a remote, unauthenticated client connecting to a
    libzmq application, running with a socket listening with CURVE
    encryption/authentication enabled, may cause a stack overflow and
    overwrite the stack with arbitrary data, due to a buffer overflow in
    the library. Users running public servers with the above configuration
    are highly encouraged to upgrade as soon as possible, as there are no
    known mitigations. All versions from 4.0.0 and upwards are affected.

  • Fix documentation to remove mention of features that are not available in
    4.0.x.

  • Fix parsing application metadata when using CURVE.

Assets 6
Loading