Advisories ยป MGASA-2017-0066

Updated libevent packages fix security vulnerability

Publication date: 26 Feb 2017
Modification date: 26 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10195 , CVE-2016-10196 , CVE-2016-10197

Description

* The DNS code of Libevent contains an OOB read which can trigger a crash
  (CVE-2016-10197)
* The libevent evutil_parse_sockaddr_port() contains a buffer overflow
  which can cause a segmentation fault (CVE-2016-10196)
* The name_parse() function in libevent's DNS code is vulnerable to a
  buffer overread (CVE-2016-10195)

References

SRPMS

5/core