CVE-2014-9721
Published: 3 June 2015
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
From the Ubuntu Security Team
It was discovered that ZeroMQ mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to bypass ZeroMQs security mechanisms.
Priority
Status
Package | Release | Status |
---|---|---|
zeromq3 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(4.0.5+dfsg-3)
|
bionic |
Not vulnerable
(4.0.5+dfsg-3)
|
|
precise |
Does not exist
|
|
trusty |
Released
(4.0.4+dfsg-2ubuntu0.1)
|
|
upstream |
Released
(4.0.5+dfsg-3)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Released
(4.0.5+dfsg-2+deb8u1build0.15.04.1)
|
|
wily |
Not vulnerable
(4.0.5+dfsg-3)
|
|
xenial |
Not vulnerable
(4.0.5+dfsg-3)
|
|
yakkety |
Not vulnerable
(4.0.5+dfsg-3)
|
|
zesty |
Not vulnerable
(4.0.5+dfsg-3)
|