DebianDEBIAN:DSA-3119-1:DB010[SECURITY] [DSA 3119-1] libevent security update
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.1%
Debian Security Advisory DSA-3119-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
January 06, 2015 http://www.debian.org/security/faq
Package : libevent
CVE ID : CVE-2014-6272
Debian Bug : 774645
Andrew Bartlett of Catalyst reported a defect affecting certain
applications using the Libevent evbuffer API. This defect leaves
applications which pass insanely large inputs to evbuffers open to a
possible heap overflow or infinite loop. In order to exploit this flaw,
an attacker needs to be able to find a way to provoke the program into
trying to make a buffer chunk larger than what will fit into a single
size_t or off_t.
For the stable distribution (wheezy), this problem has been fixed in
version 2.0.19-stable-3+deb7u1.
For the upcoming stable distribution (jessie) and the unstable
distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your libevent packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | all | libevent | < 2.0.19-stable-3+deb7u1 | libevent_2.0.19-stable-3+deb7u1_all.deb |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
75.1%