Описание
Security update for libevent
This update for libevent fixes the following issues:
- CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917)
- CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) (backport for 2.0.21)
- CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
libevent-1_4-2-1.4.5-24.24.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libevent-1_4-2-1.4.5-24.24.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libevent-devel-1.4.5-24.24.3.1
Ссылки
- Link for SUSE-SU-2018:0263-1
- E-Mail link for SUSE-SU-2018:0263-1
- SUSE Security Ratings
- SUSE Bug 1022917
- SUSE Bug 1022918
- SUSE Bug 1022919
- SUSE CVE CVE-2016-10195 page
- SUSE CVE CVE-2016-10196 page
- SUSE CVE CVE-2016-10197 page
Описание
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libevent-1_4-2-1.4.5-24.24.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libevent-1_4-2-1.4.5-24.24.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libevent-devel-1.4.5-24.24.3.1
Ссылки
- CVE-2016-10195
- SUSE Bug 1022917
- SUSE Bug 1035082
- SUSE Bug 1035209
- SUSE Bug 1075618
- SUSE Bug 1123122
Описание
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libevent-1_4-2-1.4.5-24.24.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libevent-1_4-2-1.4.5-24.24.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libevent-devel-1.4.5-24.24.3.1
Ссылки
- CVE-2016-10196
- SUSE Bug 1022918
- SUSE Bug 1035082
- SUSE Bug 1035209
- SUSE Bug 1075618
Описание
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libevent-1_4-2-1.4.5-24.24.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libevent-1_4-2-1.4.5-24.24.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libevent-devel-1.4.5-24.24.3.1
Ссылки
- CVE-2016-10197
- SUSE Bug 1022919
- SUSE Bug 1035082
- SUSE Bug 1035209
- SUSE Bug 1075618
- SUSE Bug 1123122