stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libzmq3-dev": "4.0.4+dfsg-2ubuntu0.1", "libzmq3-dbgsym": "4.0.4+dfsg-2ubuntu0.1", "libzmq3-dev-dbgsym": "4.0.4+dfsg-2ubuntu0.1", "libzmq3": "4.0.4+dfsg-2ubuntu0.1", "libzmq3-dbg": "4.0.4+dfsg-2ubuntu0.1" } ] }