ELA-1184-1 zeromq3 security update

multiple vulnerabilities

2024-09-28
Package: zeromq3
Version: 4.3.1-4+deb10u3 (buster)
Related CVEs: CVE-2021-20234, CVE-2021-20235, CVE-2021-20237


Multiple vulnerabilities have been fixed in the messaging library ZeroMQ.

CVE-2021-20234

Memory leak in client induced by malicious server(s)

CVE-2021-20235

Heap overflow when receiving malformed ZMTP v1 packets

CVE-2021-20237

Memory leak in PUB server induced by malicious client(s)


For Debian 10 buster, these problems have been fixed in version 4.3.1-4+deb10u3.

We recommend that you upgrade your zeromq3 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.