7 matches found
openSUSE Security Update : zeromq (openSUSE-SU-2014:1493-1)
zeromq was updated to version 4.0.5 to fix two security issues and various other bugs. These security issues were fixed : - Did not validate the other party's security handshake properly, allowing a man-in-the-middle downgrade attack CVE-2014-7202. - Did not implement a uniqueness check on...
openSUSE Security Update : zeromq (openSUSE-SU-2014:1381-1)
This udpate for zeromq fixes the following non-security and security-issues: Update to version 4.0.4, for a detailed description see /usr/share/doc/packages/zeromq-devel/NEWS - Add libsodium dep for testsuite where possible - Version bump to 4.0.5 fixes bnc898917 CVE-2014-7202 and CVE-2014-7203 :...
zeromq: Man-in-the-middle downgrade and replay attack
CVE-2014-7202 downgrade attack A bug in streamengine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - CVE-2014-7203 replay attack libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks...
CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
CVE-2014-7202
CVE-2014-7202 affects libzmq (ZeroMQ/C++) 4.0.5 prior to 4.0.5, where stream_engine.cpp enables man‑in‑the‑middle downgrade attacks via a crafted connection request. Root cause is in the stream_engine handling; impact is MITM downgrade vulnerability. Remediation: upgrade to version 4.0.5 (or late...
CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...
CVE-2014-7202
streamengine.cpp in libzmq aka ZeroMQ/C++ 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...