Mageia Advisory: MGASA-2017-0066 - Updated libevent packages fix security vulnerability

Updated libevent packages fix security vulnerability

Publication date: 26 Feb 2017
Modification date: 26 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10195 , CVE-2016-10196 , CVE-2016-10197

Description

* The DNS code of Libevent contains an OOB read which can trigger a crash
  (CVE-2016-10197)
* The libevent evutil_parse_sockaddr_port() contains a buffer overflow
  which can cause a segmentation fault (CVE-2016-10196)
* The name_parse() function in libevent's DNS code is vulnerable to a
  buffer overread (CVE-2016-10195)

References

https://bugs.mageia.org/show_bug.cgi?id=20233
http://openwall.com/lists/oss-security/2017/02/02/7
http://www.openwall.com/lists/oss-security/2017/01/31/17
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197

SRPMS

5/core

libevent-2.0.22-1.1.mga5

Advisories » MGASA-2017-0066

Updated libevent packages fix security vulnerability

Description

References

SRPMS

5/core