[v3.1] zeromq: downgrade attack (CVE-2014-9721)

libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.

Vulnerable:
before 4.0.6 and 4.1.x before 4.1.1

Reference: https://security-tracker.debian.org/tracker/CVE-2014-9721
http://www.openwall.com/lists/oss-security/2015/05/11/1
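
For illustration of the downgrade described above, the following added example (not libzmq's code and not part of the original issue) classifies a peer's opening bytes by ZMTP version and refuses anything older than v3 when a security mechanism is required. The function names, the `security_required` flag and the sample greetings are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum zmtp_ver { ZMTP_NEED_MORE = -1, ZMTP_V1 = 1, ZMTP_V2 = 2, ZMTP_V3 = 3 };

/* Classify a peer's opening bytes. ZMTP v2 and v3 greetings start with a
 * 10-byte signature (0xFF, 8 padding bytes, 0x7F) followed by a revision /
 * major-version byte: 0x01 for v2, 0x03 for v3. ZMTP v1 has no signature. */
enum zmtp_ver zmtp_classify(const uint8_t *buf, size_t len)
{
    if (len < 1) return ZMTP_NEED_MORE;
    if (buf[0] != 0xFF) return ZMTP_V1;      /* v1 frame, no signature      */
    if (len < 10) return ZMTP_NEED_MORE;
    if (!(buf[9] & 0x01)) return ZMTP_V1;    /* long v1 frame, not 0x7F     */
    if (len < 11) return ZMTP_NEED_MORE;
    /* Any revision below 0x03 is handled as pre-v3 in this example. */
    return buf[10] < 0x03 ? ZMTP_V2 : ZMTP_V3;
}

/* Policy (an assumption of this example): with a security mechanism
 * configured, only a v3 greeting may proceed, because older greetings
 * carry no mechanism field. Returns 1 = continue the handshake,
 * 0 = drop the connection, -1 = need more bytes. */
int zmtp_accept_greeting(const uint8_t *buf, size_t len, int security_required)
{
    enum zmtp_ver v = zmtp_classify(buf, len);
    if (v == ZMTP_NEED_MORE) return -1;
    if (security_required && v != ZMTP_V3) return 0;
    return 1;
}

/* Constructed sample greeting prefixes (not captured traffic). */
static const uint8_t SAMPLE_V3[] = { 0xFF,0,0,0,0,0,0,0,0,0x7F, 0x03,0x00, 'C','U','R','V','E' };
static const uint8_t SAMPLE_V2[] = { 0xFF,0,0,0,0,0,0,0,0x01,0x7F, 0x01,0x01 };
static const uint8_t SAMPLE_V1[] = { 0x01,0x00 };

int main(void)
{
    printf("v3, security on:  %d\n", zmtp_accept_greeting(SAMPLE_V3, sizeof SAMPLE_V3, 1));
    printf("v2, security on:  %d\n", zmtp_accept_greeting(SAMPLE_V2, sizeof SAMPLE_V2, 1));
    printf("v1, security on:  %d\n", zmtp_accept_greeting(SAMPLE_V1, sizeof SAMPLE_V1, 1));
    printf("v2, security off: %d\n", zmtp_accept_greeting(SAMPLE_V2, sizeof SAMPLE_V2, 0));
    return 0;
}
```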

(from redmine: issue id 4295, created on 2015-06-12, closed on 2017-05-17)

  • Relations:
    • parent #4293
  • Changesets:
    • Revision f64f0773 by Sergei Lukin on 2016-12-15T08:18:08Z:
main/zeromq: security upgrade - fixes #4295

CVE-2014-9721