{"id":"MGASA-2019-0323","summary":"Updated zeromq packages fix security vulnerability","details":"A security vulnerability has been reported in libzmq/zeromq.\n\nA remote, unauthenticated client connecting to a libzmq application,\nrunning with a socket listening with CURVE encryption/authentication\nenabled, may cause a stack overflow and overwrite the stack with arbitrary\ndata, due to a buffer overflow in the library. Users running public servers\nwith the above configuration are highly encouraged to upgrade as soon as\npossible, as there are no known mitigations. All versions from 4.0.0 and\nupwards are affected (CVE-2019-13132).\n","modified":"2026-02-04T04:19:22.467520Z","published":"2019-11-14T16:58:51Z","related":["CVE-2019-13132"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0323.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25113"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2019/07/08/6"},{"type":"REPORT","url":"https://www.debian.org/security/2019/dsa-4477"},{"type":"REPORT","url":"https://usn.ubuntu.com/4050-1/"}],"affected":[{"package":{"name":"zeromq","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/zeromq?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.2-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0323.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}