5 matches found
openSUSE Security Update : zeromq (openSUSE-SU-2014:1493-1)
zeromq was updated to version 4.0.5 to fix two security issues and various other bugs. These security issues were fixed : - Did not validate the other party's security handshake properly, allowing a man-in-the-middle downgrade attack CVE-2014-7202. - Did not implement a uniqueness check on...
openSUSE Security Update : zeromq (openSUSE-SU-2014:1381-1)
This udpate for zeromq fixes the following non-security and security-issues: Update to version 4.0.4, for a detailed description see /usr/share/doc/packages/zeromq-devel/NEWS - Add libsodium dep for testsuite where possible - Version bump to 4.0.5 fixes bnc898917 CVE-2014-7202 and CVE-2014-7203 :...
zeromq: Man-in-the-middle downgrade and replay attack
CVE-2014-7202 downgrade attack A bug in streamengine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - CVE-2014-7203 replay attack libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks...
CVE-2014-7203
libzmq aka ZeroMQ/C++ 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors...
CVE-2014-7203
libzmq (ZeroMQ/C++) 4.0.x before 4.0.5 exposes a replay vulnerability (CVE-2014-7203) because nonces are not guaranteed unique, enabling man-in-the-middle replay attacks via unspecified vectors. The issue is fixed in libzmq 4.0.5 (e.g., openSUSE/SUSE updates reference CVE-2014-7203 and CVE-2014-7...