References

• Bugzilla tickets:
  • BZ#1875223 - CVE-2020-15166 zeromq: unauthenticated clients causing denial-of-service (umbrella ticket)
  • BZ#1876689 - CVE-2020-15166 zeromq: unauthenticated clients causing denial-of-service (fedora-all)
  • BZ#1876690 - CVE-2020-15166 zeromq: unauthenticated clients causing denial-of-service (epel-all)
  • BZ#1876691 - CVE-2020-15166 zeromq3: unauthenticated clients causing denial-of-service (epel-all)
  • BZ#1876738 - zeromq-4.3.3 is available (for all Fedora and EPEL 8)
• Upstream page - Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients
• Upstream fix (for EPEL 7):
  • problem: zeromq connects peer before handshake is complete (#3913)
  • Problem: test_security_zap occasionally segfaults (#3973)