Univention Bugzilla – Bug 43554
libevent: Denial of service (ES 3.2)
Last modified: 2019-04-11 19:24:41 CEST
+++ This bug was initially created as a clone of Bug #43553 +++

Debian wheezy package version 2.0.19-stable-3+deb7u2 contains fixes for:
* Stack-buffer overflow in evutil_parse_sockaddr_port() (CVE-2016-10196)
  0003-evdns-name_parse-fix-remote-stack-overread.patch
* Out-of-bounds read in search_make_new() (CVE-2016-10197)
  0001-evdns-fix-searching-empty-hostnames.patch

nfs-common depends on libevent-1.4-2
*** Bug 37451 has been marked as a duplicate of this bug. ***
Also fixed in upstream Debian package version 1.4.13-stable-1+deb6u1:
* The evbuffer API in libevent is affected by an integer overflow which potentially allows a heap overflow or denial of service (ATM no existing application is known which uses the API in an affected manner) (CVE-2014-6272)
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version; otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 3.2. UCS 3.2 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.