Описание
Security update for libevent
This update for libevent fixes the following security issues:
- CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917)
- CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918)
- CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2018:0220-1
- SUSE Security Ratings
Описание
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
Затронутые продукты
Ссылки
- CVE-2016-10195
- SUSE Bug 1022917
- SUSE Bug 1035082
- SUSE Bug 1035209
- SUSE Bug 1075618
- SUSE Bug 1123122
Описание
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
Затронутые продукты
Ссылки
- CVE-2016-10196
- SUSE Bug 1022918
- SUSE Bug 1035082
- SUSE Bug 1035209
- SUSE Bug 1075618
Описание
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
Затронутые продукты
Ссылки
- CVE-2016-10197
- SUSE Bug 1022919
- SUSE Bug 1035082
- SUSE Bug 1035209
- SUSE Bug 1075618
- SUSE Bug 1123122