ZeroMQ: Code execution — GLSA 201903-22

An overflow was discovered in ZeroMQ which could lead to arbitrary code execution.

Affected Packages

net-libs/zeromq on all architectures
Affected versions < 4.3.1
Unaffected versions >= 4.3.1

Background

Looks like an embeddable networking library but acts like a concurrency framework

Description

Please reference the CVE for details.

Impact

Please reference the CVE for details.

Workaround

There is no known workaround at this time.

Resolution

All ZeroMQ users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/zeromq-4.3.1"
 

References

Release Date
March 28, 2019

Latest Revision
March 28, 2019: 1

Severity
high

Exploitable
local, remote

Bugzilla entries