Debian Security Advisory 3119-1

Debian Security Advisory 3119-1: Posted Jan 6, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3119-1 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.; tags | advisory, overflow; systems | linux, debian; advisories | CVE-2014-6272; SHA-256 | ba981464d57b711de3d7ce967eb091055c67eccec9d191c924fbdf642b319abe; Download | Favorite | View

Debian Security Advisory 3119-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3119-1                   security@debian.org
https://www.debian.org/security/                      Salvatore Bonaccorso
January 06, 2015                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libevent
CVE ID         : CVE-2014-6272
Debian Bug     : 774645

Andrew Bartlett of Catalyst reported a defect affecting certain
applications using the Libevent evbuffer API. This defect leaves
applications which pass insanely large inputs to evbuffers open to a
possible heap overflow or infinite loop. In order to exploit this flaw,
an attacker needs to be able to find a way to provoke the program into
trying to make a buffer chunk larger than what will fit into a single
size_t or off_t.

For the stable distribution (wheezy), this problem has been fixed in
version 2.0.19-stable-3+deb7u1.

For the upcoming stable distribution (jessie) and the unstable
distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libevent packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUq40sAAoJEAVMuPMTQ89EE4UQAIKehSXkYfTIEoidF5W0TlHE
gUPmCvaB94OEws116+vNmDuoGnO64X59PDcOp2NWhO0ZLKfz5gxsA6Q3CwyaiV5b
OSxy1Lgw5ANA22zTG8gXF33ZAUS8LQxFYrgwjQ2AbRFiO4IAs4WW97p/LrTxsqv8
OoaPts6W/PJPUutHlVfWJFire8eW6OCWii3MXSAIQDRad+KEsgdfOojqWBPa1yQU
DV0c8MNLDzzFe0kIBhs7OrPPxcYwW1WUqS72LE2X/fhuqXs77eNzCT2O7xH1IcKh
pzEW829a0jk6HgavBm2Vp8rFUxL2yB03hX4dhTxsyLkz48pzqoXB0wL6LZ1ESeOX
xolkXn3WvI2E8d+gVjykuynmwxrnVpY00ebHsewK16TGs7MFzPrvn0DMUqdtB4T9
srNHq7SdGymqd0lsx0pZV4edqilqN8WymFvf8r4hMuOhOd4i8DRe2Oy06Gy8TwLr
MjRZ19AxX/WK/uOtmmevbca4qt3yZMZDk9CvrMBHnGg7W2ewmUpZRQokot+078OL
BlEkCtM8kl2533KZnnqobMrdMNdtXf+NhVcQabOx+7+dNs+IpvwAG1DRTxjFeHYu
TbOOgTqh+XZ2EjlYX8fiMSuAbGa/wkyJ3ClR23WDFM/xLtiW5Y6almYmWiM65EvY
z+UIl9LOGvhlYQVB3Prh
=wi/U
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 56 files
Debian 19 files
LiquidWorm 18 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Chokri Hammedi 3 files
Alter Prime 3 files
Valentin Lobstein 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,937)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,979)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 3119-1

Debian Security Advisory 3119-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3119-1

Share This

Debian Security Advisory 3119-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems