An overflow was discovered in ZeroMQ which could lead to arbitrary code execution.
Package | net-libs/zeromq on all architectures |
---|---|
Affected versions | < 4.3.1 |
Unaffected versions | >= 4.3.1 |
Looks like an embeddable networking library but acts like a concurrency framework
Please reference the CVE for details.
Please reference the CVE for details.
There is no known workaround at this time.
All ZeroMQ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/zeromq-4.3.1"
Release date
March 28, 2019
Latest revision
March 28, 2019: 1
Severity
high
Exploitable
local, remote
Bugzilla entries