lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 14 Jan 2019 22:08:58 +0000
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4368-1] zeromq3 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4368-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 14, 2019                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : zeromq3
CVE ID         : CVE-2019-6250

Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a
lightweight messaging kernel, could result in the execution of arbitrary
code.

For the stable distribution (stretch), this problem has been fixed in
version 4.2.1-4+deb9u1.

We recommend that you upgrade your zeromq3 packages.

For the detailed security status of zeromq3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/zeromq3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlw9B+oACgkQEMKTtsN8
TjY2Fg//cMqmMXI4D6jl3wsp5m0EFZ089qqfylN+IzJlRj4MWg8EzP/EgfoemJJe
8syzJsLzZ7soyHROeVqFQqhz4t3IL+SpZUWFHFWgA8/iR8g0/L4E1AQXwZ6C3Wc9
XfQnuB5kR1di6F+/m3P7gg03uhsAsC3efJ7X/qotWkRAjVgAVJ5pq9EHX3Ymd4pQ
yzvBjnLln0ynVbZ7ju2dyyaFj3JnDT7uhxBsufgPH5FYpPG5UgUkbCx8zYX8Ek3V
R3jJFreNCq3/pPBs/SpeTUAwXyfjNd3ylR5g+rW9slUhjf7uGyx7G3R0DjBo3BiJ
Hyga2Pw81/GS9PeFDwqkE2pa7jx14gn6kBRoitVZyJzEqiIUR2Lm6vOprgOPZAiz
7eMNxCz+RluEMNywRxL+Grt/gBxd03bpYgjxSG+E724t20WcJg7QvCWq9HoeLKiO
6kGGOL/GPGXOcPt9btuCEGEWp+65CAeUgNdIo+kkd2q4WHcZ9kJ02+iPEkXj9Cyd
FFCF5kCvytdjwlQiGRRoAbKNE7X6IlKpp1S+ZHa4NHarbBk8hE2TML/t9r0XsRhQ
F3JsVSE1rmhKenl3h6RPd0BfzoWJ0sOQB+BC/mgi9TgWiL/6mhy1lwuiuiO5U/UR
45ypb818eOekbfp3HOoeZGco7CHMaxLHjG4PbDPps8lR47479/s=
=OF8G
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists