[3.3] libevent: Multiple issues (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197)

CVE-2016-10195: dns remote stack overread vulnerability
Fixed in libevent 2.1.6
References:
http://seclists.org/oss-sec/2017/q1/282
https://github.com/libevent/libevent/issues/317
Patch:
https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d

CVE-2016-10196: (stack) buffer overflow in evutil_parse_sockaddr_port()
Fixed in libevent 2.1.6
References:
https://github.com/libevent/libevent/issues/318
http://seclists.org/oss-sec/2017/q1/282
Patch:
https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5

CVE-2016-10197: out-of-bounds read in search_make_new()
Fixed in libevent 2.1.6
References:
https://github.com/libevent/libevent/issues/332
http://seclists.org/oss-sec/2017/q1/282
Patch:
https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e

(from redmine: issue id 6801, created on 2017-02-02, closed on 2017-02-07)
- Relations:
  - parent #6797 (closed)
- Changesets:
  - Revision 8b9e6e1f by Sergei Lukin on 2017-02-07T07:30:26Z:
    main/libevent: security fixes #6801
    CVE-2016-10195: dns remote stack overread vulnerability
    CVE-2016-10196: (stack) buffer overflow in evutil_parse_sockaddr_port()
    CVE-2016-10197: out-of-bounds read in search_make_new()