libevent: Multiple issues (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197)
CVE-2016-10195: DNS remote stack overread vulnerability
Fixed in libevent 2.1.6
References:
http://seclists.org/oss-sec/2017/q1/282
https://github.com/libevent/libevent/issues/317
Patch:
https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
CVE-2016-10196: (stack) buffer overflow in evutil_parse_sockaddr_port()
Fixed in libevent 2.1.6
References:
https://github.com/libevent/libevent/issues/318
http://seclists.org/oss-sec/2017/q1/282
Patch:
https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
CVE-2016-10197: out-of-bounds read in search_make_new()
Fixed in libevent 2.1.6
References:
https://github.com/libevent/libevent/issues/332
http://seclists.org/oss-sec/2017/q1/282
Patch:
https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
(from redmine: issue id 6797, created on 2017-02-02, closed on 2017-02-07)
- Relations:
  - child #6798 (closed)
  - child #6799 (closed)
  - child #6800 (closed)
  - child #6801 (closed)
  - child #6802 (closed)