[SECURITY] [DSA 4368-1] zeromq3 security update

2019-01-1422:08:58

lists.debian.org

221

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.606 Medium

EPSS

Percentile

97.8%

JSON

Debian Security Advisory DSA-4368-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
January 14, 2019 https://www.debian.org/security/faq

Package : zeromq3
CVE ID : CVE-2019-6250

Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a
lightweight messaging kernel, could result in the execution of arbitrary
code.

For the stable distribution (stretch), this problem has been fixed in
version 4.2.1-4+deb9u1.

We recommend that you upgrade your zeromq3 packages.

For the detailed security status of zeromq3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/zeromq3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9armellibzmq5-dbg< 4.2.1-4+deb9u1libzmq5-dbg_4.2.1-4+deb9u1_armel.deb
Debian9arm64libzmq5-dbg< 4.2.1-4+deb9u1libzmq5-dbg_4.2.1-4+deb9u1_arm64.deb
Debian9armellibzmq3-dev< 4.2.1-4+deb9u1libzmq3-dev_4.2.1-4+deb9u1_armel.deb
Debian9armhflibzmq5-dbg< 4.2.1-4+deb9u1libzmq5-dbg_4.2.1-4+deb9u1_armhf.deb
Debian9s390xlibzmq5< 4.2.1-4+deb9u1libzmq5_4.2.1-4+deb9u1_s390x.deb
Debian9armhflibzmq3-dev< 4.2.1-4+deb9u1libzmq3-dev_4.2.1-4+deb9u1_armhf.deb
Debian9allzeromq3< 4.2.1-4+deb9u1zeromq3_4.2.1-4+deb9u1_all.deb
Debian9i386libzmq3-dev< 4.2.1-4+deb9u1libzmq3-dev_4.2.1-4+deb9u1_i386.deb
Debian9arm64libzmq5< 4.2.1-4+deb9u1libzmq5_4.2.1-4+deb9u1_arm64.deb
Debian9ppc64ellibzmq5< 4.2.1-4+deb9u1libzmq5_4.2.1-4+deb9u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	libzmq5-dbg	< 4.2.1-4+deb9u1	libzmq5-dbg_4.2.1-4+deb9u1_armel.deb
Debian	9	arm64	libzmq5-dbg	< 4.2.1-4+deb9u1	libzmq5-dbg_4.2.1-4+deb9u1_arm64.deb
Debian	9	armel	libzmq3-dev	< 4.2.1-4+deb9u1	libzmq3-dev_4.2.1-4+deb9u1_armel.deb
Debian	9	armhf	libzmq5-dbg	< 4.2.1-4+deb9u1	libzmq5-dbg_4.2.1-4+deb9u1_armhf.deb
Debian	9	s390x	libzmq5	< 4.2.1-4+deb9u1	libzmq5_4.2.1-4+deb9u1_s390x.deb
Debian	9	armhf	libzmq3-dev	< 4.2.1-4+deb9u1	libzmq3-dev_4.2.1-4+deb9u1_armhf.deb
Debian	9	all	zeromq3	< 4.2.1-4+deb9u1	zeromq3_4.2.1-4+deb9u1_all.deb
Debian	9	i386	libzmq3-dev	< 4.2.1-4+deb9u1	libzmq3-dev_4.2.1-4+deb9u1_i386.deb
Debian	9	arm64	libzmq5	< 4.2.1-4+deb9u1	libzmq5_4.2.1-4+deb9u1_arm64.deb
Debian	9	ppc64el	libzmq5	< 4.2.1-4+deb9u1	libzmq5_4.2.1-4+deb9u1_ppc64el.deb