14525 – zeromq new security issues CVE-2014-7202 and CVE-2014-7203

Bug 14525 - zeromq new security issues CVE-2014-7202 and CVE-2014-7203

Summary: zeromq new security issues CVE-2014-7202 and CVE-2014-7203

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Barry Jackson
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/619814/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-11-13 15:18 CET by David Walser
Modified:	2014-11-16 00:25 CET (History)
CC List:	0 users

See Also:
Source RPM:	zeromq-4.0.4-2.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2014-11-13 15:18:49 CET

OpenSuSE has issued an advisory on November 10:
http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html

The issues are fixed upstream in 4.0.5.

Mageia 3 and Mageia 4 are also affected.

Reproducible: 

Steps to Reproduce:

David Walser 2014-11-13 15:18:56 CET

Whiteboard: (none) => MGA4TOO, MGA3TOO

Comment 1 David Walser 2014-11-13 21:19:36 CET

Looking more closely at this, I believe only the Cauldron version is affected.

Whiteboard: MGA4TOO, MGA3TOO => (none)

Comment 2 Barry Jackson 2014-11-13 21:27:37 CET

Good - thanks.

Comment 3 Barry Jackson 2014-11-13 22:57:22 CET

New version committed and will request freeze push.

Will require rebuild of python-pyzmq and gnuradio when it's pushed.

Comment 4 David Walser 2014-11-16 00:25:42 CET

Fixed in zeromq-4.0.5-1.mga5.  Thanks Barry!

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.