A flaw was found in zeromq before 4.3.3. When a pipe processes a delimiter and is already not in active state but still has an unfinished message, the message is leaked causing a crash. References: https://github.com/zeromq/libzmq/pull/3918 https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123
Created zeromq tracking bugs for this issue: Affects: epel-all [bug 1921973] Affects: fedora-all [bug 1921975] Created zeromq3 tracking bugs for this issue: Affects: epel-7 [bug 1921974]
Created zeromq tracking bugs for this issue: Affects: openstack-rdo [bug 1921978]
Fixed by https://bodhi.fedoraproject.org/updates/FEDORA-2021-a01e258e6d
FEDORA-2021-8b3202b783 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
External References: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
FEDORA-EPEL-2021-5e4b80b9d8 has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.