fd1ac2e762
Fixes the following security issues: - CVE-2020-15166: Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m - Stack overflow on server running PUB/XPUB socket (CURVE disabled). The PUB/XPUB subscription store (mtrie) is traversed using recursive function calls. In the remove (unsubscription) case, the recursive calls are NOT tail calls, so even with optimizations the stack grows linearly with the length of a subscription topic. Topics are under the control of remote clients - they can send a subscription to arbitrary length topics. An attacker can thus cause a server to create an mtrie sufficiently large such that, when unsubscribing, traversal will cause a stack overflow. For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 - Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP. Messages with metadata are never processed by PUB sockets, but the metadata is kept referenced in the PUB object and never freed. For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw - Memory leak in client induced by malicious server(s) without CURVE/ZAP. When a pipe processes a delimiter and is already not in active state but still has an unfinished message, the message is leaked. For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 - Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled). By crafting a packet which is not valid ZMTP v2/v3, and which has two messages larger than 8192 bytes, the decoder can be tricked into changing the recorded size of the 8192 bytes static buffer, which then gets overflown by the next message. The content that gets written in the overflown memory is entirely decided by the sender. For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6 Drop now upstreamed patches, autoreconf and reformat hash file with 2 space delimiters. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 lines
460 B
Plaintext
8 lines
460 B
Plaintext
# From https://github.com/zeromq/libzmq/releases
|
|
md5 78acc277d95e10812d71b2b3c3c3c9a9 zeromq-4.3.3.tar.gz
|
|
sha1 d78bc504194d6908df40a2b9e41849b181b02491 zeromq-4.3.3.tar.gz
|
|
# Locally computed
|
|
sha256 9d9285db37ae942ed0780c016da87060497877af45094ff9e1a1ca736e3875a2 zeromq-4.3.3.tar.gz
|
|
sha256 4fd86507c9b486764343065a9e035222869a27b5789efeb4fd93edc85412d7a3 COPYING
|
|
sha256 83f32abe61ee58ffb1b007412c08415168c052501dbf56d7a47aaaac52b03ef6 COPYING.LESSER
|