Security update for zeromq SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1028-1 Final 1 1 2015-06-02T14:54:22Z current 2015-06-02T14:54:22Z 2015-06-02T14:54:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for zeromq zeromq was updated to fix one security issue and two non-security bugs. The following vulnerabilities were fixed: * CVE-2014-9721: zeromq protocol downgrade attack on sockets using the ZMTP v3 protocol (boo#931978) The following bugs were fixed: * boo#912460: avoid curve test to hang for ppc ppc64 ppc64le architectures * boo#907584: zeromq package could not be updated due to a file conflict, split tools into a separate subpackage The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html E-Mail link for openSUSE-SU-2015:1028-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libzmq4-4.0.5-4.7.1 zeromq-4.0.5-4.7.1 zeromq-devel-4.0.5-4.7.1 zeromq-tools-4.0.5-4.7.1 libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. CVE-2014-9721 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html https://www.suse.com/security/cve/CVE-2014-9721.html CVE-2014-9721 https://bugzilla.suse.com/931978 SUSE Bug 931978