[SECURITY] Fedora 22 Update: zeromq-4.0.5-3.fc22
updates at fedoraproject.org
updates at fedoraproject.org
Sat May 30 15:41:51 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-8635
2015-05-20 22:16:42
--------------------------------------------------------------------------------
Name : zeromq
Product : Fedora 22
Version : 4.0.5
Release : 3.fc22
URL : http://www.zeromq.org
Summary : Software library for fast, message-based applications
Description :
The 0MQ lightweight messaging kernel is a library which extends the
standard socket interfaces with features traditionally provided by
specialized messaging middle-ware products. 0MQ sockets provide an
abstraction of asynchronous message queues, multiple messaging
patterns, message filtering (subscriptions), seamless access to
multiple transport protocols and more.
This package contains the ZeroMQ shared library.
--------------------------------------------------------------------------------
Update Information:
Cherry-pick a fix for the protocol downgrade attack (CVE-2014-9721)
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 19 2015 Thomas Spura <tomspur at fedoraproject.org> - 4.0.5-3
- Cherry-pick patch for protocol downgrade attack (#1221666)
- Remove Provides:zeromq-utils
- Remove %defattr
* Sat May 2 2015 Kalev Lember <kalevlember at gmail.com> - 4.0.5-2
- Rebuilt for GCC 5 C++11 ABI change
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1221666 - CVE-2014-9721 zeromq: protocol downgrade attack on sockets using the ZMTP v3 protocol
https://bugzilla.redhat.com/show_bug.cgi?id=1221666
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update zeromq' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list