lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 06 Jan 2015 07:23:13 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3119-1] libevent security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3119-1                   security@...ian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 06, 2015                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libevent
CVE ID         : CVE-2014-6272
Debian Bug     : 774645

Andrew Bartlett of Catalyst reported a defect affecting certain
applications using the Libevent evbuffer API. This defect leaves
applications which pass insanely large inputs to evbuffers open to a
possible heap overflow or infinite loop. In order to exploit this flaw,
an attacker needs to be able to find a way to provoke the program into
trying to make a buffer chunk larger than what will fit into a single
size_t or off_t.

For the stable distribution (wheezy), this problem has been fixed in
version 2.0.19-stable-3+deb7u1.

For the upcoming stable distribution (jessie) and the unstable
distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libevent packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUq40sAAoJEAVMuPMTQ89EE4UQAIKehSXkYfTIEoidF5W0TlHE
gUPmCvaB94OEws116+vNmDuoGnO64X59PDcOp2NWhO0ZLKfz5gxsA6Q3CwyaiV5b
OSxy1Lgw5ANA22zTG8gXF33ZAUS8LQxFYrgwjQ2AbRFiO4IAs4WW97p/LrTxsqv8
OoaPts6W/PJPUutHlVfWJFire8eW6OCWii3MXSAIQDRad+KEsgdfOojqWBPa1yQU
DV0c8MNLDzzFe0kIBhs7OrPPxcYwW1WUqS72LE2X/fhuqXs77eNzCT2O7xH1IcKh
pzEW829a0jk6HgavBm2Vp8rFUxL2yB03hX4dhTxsyLkz48pzqoXB0wL6LZ1ESeOX
xolkXn3WvI2E8d+gVjykuynmwxrnVpY00ebHsewK16TGs7MFzPrvn0DMUqdtB4T9
srNHq7SdGymqd0lsx0pZV4edqilqN8WymFvf8r4hMuOhOd4i8DRe2Oy06Gy8TwLr
MjRZ19AxX/WK/uOtmmevbca4qt3yZMZDk9CvrMBHnGg7W2ewmUpZRQokot+078OL
BlEkCtM8kl2533KZnnqobMrdMNdtXf+NhVcQabOx+7+dNs+IpvwAG1DRTxjFeHYu
TbOOgTqh+XZ2EjlYX8fiMSuAbGa/wkyJ3ClR23WDFM/xLtiW5Y6almYmWiM65EvY
z+UIl9LOGvhlYQVB3Prh
=wi/U
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ