Updated libevent packages fix CVE-2014-6272Publication date: 07 Jan 2015
Affected Mageia releases : 4
Updated libevent packages fix security vulnerability: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t (CVE-2014-6272).