ArchLinux: 202009-15: lib32-zeromq: denial of service
Summary
A denial of service has been found in libzmq before 4.3.3, allowing unauthenticated clients to prevent legitimate clients from exchange any message with a CURVE/ZAP-protected server.
Resolution
Upgrade to 4.3.3-1.
# pacman -Syu "lib32-zeromq>=4.3.3-1"
The problem has been fixed upstream in version 4.3.3.
References
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m https://github.com/zeromq/libzmq/pull/3913/commits/e7f0090b161ce6344f6bd35009816a925c070b09 https://oss-fuzz.com/login https://security.archlinux.org/CVE-2020-15166
Workaround
None.