[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3389 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4944 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0845 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1150 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1437 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1752 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4238 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4314 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0012 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-1829 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-1830 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2667 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4650 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7202 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7203 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9721 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2296 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10745 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1238 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9015 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18342 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6512 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20060 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7750 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10906 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11236 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11324 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13132 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-20907 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-20916 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5010 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-8341 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9740 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9947 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-14343 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15166 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15523 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15801 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1747 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25659 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26137 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27783 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28493 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-29651 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-36242 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8492 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23336 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28957 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29921 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3177 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33503 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3426 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2937 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2940 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3738 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4339 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4343 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-7250 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3108 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4995 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5135 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0891 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1672 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5077 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0590 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0591 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0789 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1377 ** CVE
[Touch-packages] [Bug 1811531]
SUSE-FU-2022:0454-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Category: feature (moderate) Bug References: 180,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,493,622,657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614 CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426 JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Fix Released Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
SUSE-FU-2022:0447-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Category: feature (moderate) Bug References: 180,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,493,622,657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614 CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426 JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Fix Released Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
SUSE-FU-2022:0452-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Category: feature (moderate) Bug References: 180,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,493,622,657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614 CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426 JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Fix Released Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
SUSE-FU-2022:0444-1: An update that solves 51 vulnerabilities, contains 21 features and has 249 fixes is now available. Category: feature (moderate) Bug References: 180,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,493,622,657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614 CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-9015,CVE-2017-18342,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426 JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135 Sources used: SUSE Manager Tools 15-BETA (src):venv-salt-minion-3002.2-159000.3.3.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Fix Released Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list:
[Touch-packages] [Bug 1811531]
SUSE-FU-2022:0450-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Category: feature (moderate) Bug References: 180,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,493,622,657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614 CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426 JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Fix Released Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available. Category: feature (moderate) Bug References: 180,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,493,622,657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668 CVE References:
[Touch-packages] [Bug 1811531]
SUSE-FU-2022:0456-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available. Category: feature (moderate) Bug References: 180,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,493,622,657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614 CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426 JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Fix Released Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
openSUSE-SU-2019:0087-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 1082318,1121717 CVE References: CVE-2019-6250 Sources used: openSUSE Leap 15.0 (src):zeromq-4.2.3-lp150.2.10.1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Fix Released Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Fix Released Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
** Changed in: zeromq (Suse) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Fix Released Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
openSUSE-SU-2019:0064-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1121717 CVE References: CVE-2019-6250 Sources used: openSUSE Leap 42.3 (src):zeromq-4.2.2-2.8.1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
This is an autogenerated message for OBS integration: This bug (1121717) was mentioned in https://build.opensuse.org/request/show/666782 15.0 / zeromq -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
SUSE-SU-2019:0110-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1121717 CVE References: CVE-2019-6250 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): zeromq-4.2.3-3.3.2 SUSE Linux Enterprise Module for Basesystem 15 (src):zeromq-4.2.3-3.3.2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
Thanks Luca, The packages are being uploaded and should be available in the archive in a few minutes. Thanks ** Changed in: zeromq3 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Released Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
Hi Eduardo, thanks for taking care of this. The amd64 binaries look fine to me. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Committed Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
** Changed in: zeromq3 (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: Fix Committed Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
Thanks for opening the ticket and attaching the patch. I've generated a new version for bionic and cosmic, both can be found here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=zeromq3 Would anyone mind testing it before we release it? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
Thanks for opening the ticket and attaching the patch. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
** Changed in: zeromq3 (Ubuntu) Assignee: (unassigned) => Eduardo dos Santos Barretto (ebarretto) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
** Changed in: zeromq (Suse) Status: Confirmed => Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
Fixes submitted to all affected codestreams. Re-assigning back to security team for tracking purposes. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
** Bug watch added: github.com/zeromq/libzmq/issues #3351 https://github.com/zeromq/libzmq/issues/3351 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Confirmed Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
https://github.com/zeromq/libzmq/issues/3351 https://github.com/zeromq/libzmq/pull/3353 https://github.com/zeromq/libzmq/releases/tag/v4.3.1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Confirmed Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
This issue has been assigned CVE-2019-6250 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Confirmed Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531]
(In reply to Luca Boccassi from comment #0) > The latest version will hopefully arrive in disco via debian unstable soon, > but I would recommend patching older releases. s/disco/tumbleweed/ s/debian unstable/obs factory/ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Confirmed Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
This issue has been assigned CVE-2019-6250 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6250 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Confirmed Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
** Changed in: zeromq3 (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Fix Released Status in zeromq package in Suse: Confirmed Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
The attachment "backported patch for 4.2.5" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Unknown Status in zeromq package in Suse: Confirmed Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
Launchpad has imported 1 comments from the remote bug at https://bugzilla.opensuse.org/show_bug.cgi?id=1121717. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2019-01-12T17:40:09+00:00 Luca Boccassi wrote: Created attachment 794269 patch for 4.2.2 and 4.2.3 Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch for 4.2.3 (leap 15) and 4.2.2 (leap 42) (applies cleanly on both). This issue has been introduced in 4.2.0 so SLES 12 is not affected. The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. Reply at: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/comments/3 ** Changed in: zeromq (Suse) Status: Unknown => Confirmed ** Changed in: zeromq (Suse) Importance: Unknown => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Unknown Status in zeromq package in Suse: Confirmed Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
** Description changed: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. + + [1] https://github.com/zeromq/libzmq/issues/3351 ** Bug watch added: Debian Bug tracker #919098 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919098 ** Also affects: zeromq3 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919098 Importance: Unknown Status: Unknown ** Bug watch added: bugzilla.opensuse.org/ #1121717 https://bugzilla.opensuse.org/show_bug.cgi?id=1121717 ** Also affects: zeromq (Suse) via https://bugzilla.opensuse.org/show_bug.cgi?id=1121717 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Status in zeromq3 package in Debian: Unknown Status in zeromq package in Suse: Unknown Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. [1] https://github.com/zeromq/libzmq/issues/3351 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] Re: remote execution vulnerability
Also note that this was introduced in 4.2.0, so xenial is not affected. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811531] [NEW] remote execution vulnerability
*** This bug is a security vulnerability *** Public security bug reported: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. ** Affects: zeromq3 (Ubuntu) Importance: Undecided Status: New ** Patch added: "backported patch for 4.2.5" https://bugs.launchpad.net/bugs/1811531/+attachment/5228726/+files/pointer_overflow.patch ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1811531 Title: remote execution vulnerability Status in zeromq3 package in Ubuntu: New Bug description: Dear Maintainer, A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1]. The issue is fixed in upstream version v4.3.1, just released, or with the attached patch which is targeted for v4.2.5 (bionic and cosmic). The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases. As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp