[SECURITY] [DLA 137-1] libevent security update

2015-01-2610:50:10

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.005

Percentile

75.3%

JSON

Package : libevent
Version : 1.4.13-stable-1+deb6u1
CVE ID : CVE-2014-6272
Debian Bug : 774645

The libevent library was vulnerable to a potential heap overflow in
the buffer/bufferevent APIs.

This update was prepared by Nguyen Cong who used the upstream-provided
patch. Thanks to them!

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian7mipslibevent-pthreads-2.0-5< 2.0.19-stable-3+deb7u1libevent-pthreads-2.0-5_2.0.19-stable-3+deb7u1_mips.deb
Debian7s390libevent-pthreads-2.0-5< 2.0.19-stable-3+deb7u1libevent-pthreads-2.0-5_2.0.19-stable-3+deb7u1_s390.deb
Debian7kfreebsd-i386libevent-core-2.0-5< 2.0.19-stable-3+deb7u1libevent-core-2.0-5_2.0.19-stable-3+deb7u1_kfreebsd-i386.deb
Debian7mipsellibevent-extra-2.0-5< 2.0.19-stable-3+deb7u1libevent-extra-2.0-5_2.0.19-stable-3+deb7u1_mipsel.deb
Debian7amd64libevent-pthreads-2.0-5< 2.0.19-stable-3+deb7u1libevent-pthreads-2.0-5_2.0.19-stable-3+deb7u1_amd64.deb
Debian7mipsellibevent-dev< 2.0.19-stable-3+deb7u1libevent-dev_2.0.19-stable-3+deb7u1_mipsel.deb
Debian6i386libevent-1.4-2< 1.4.13-stable-1+deb6u1libevent-1.4-2_1.4.13-stable-1+deb6u1_i386.deb
Debian7amd64libevent-core-2.0-5< 2.0.19-stable-3+deb7u1libevent-core-2.0-5_2.0.19-stable-3+deb7u1_amd64.deb
Debian7alllibevent< 2.0.19-stable-3+deb7u1libevent_2.0.19-stable-3+deb7u1_all.deb
Debian7powerpclibevent-core-2.0-5< 2.0.19-stable-3+deb7u1libevent-core-2.0-5_2.0.19-stable-3+deb7u1_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	mips	libevent-pthreads-2.0-5	< 2.0.19-stable-3+deb7u1	libevent-pthreads-2.0-5_2.0.19-stable-3+deb7u1_mips.deb
Debian	7	s390	libevent-pthreads-2.0-5	< 2.0.19-stable-3+deb7u1	libevent-pthreads-2.0-5_2.0.19-stable-3+deb7u1_s390.deb
Debian	7	kfreebsd-i386	libevent-core-2.0-5	< 2.0.19-stable-3+deb7u1	libevent-core-2.0-5_2.0.19-stable-3+deb7u1_kfreebsd-i386.deb
Debian	7	mipsel	libevent-extra-2.0-5	< 2.0.19-stable-3+deb7u1	libevent-extra-2.0-5_2.0.19-stable-3+deb7u1_mipsel.deb
Debian	7	amd64	libevent-pthreads-2.0-5	< 2.0.19-stable-3+deb7u1	libevent-pthreads-2.0-5_2.0.19-stable-3+deb7u1_amd64.deb
Debian	7	mipsel	libevent-dev	< 2.0.19-stable-3+deb7u1	libevent-dev_2.0.19-stable-3+deb7u1_mipsel.deb
Debian	6	i386	libevent-1.4-2	< 1.4.13-stable-1+deb6u1	libevent-1.4-2_1.4.13-stable-1+deb6u1_i386.deb
Debian	7	amd64	libevent-core-2.0-5	< 2.0.19-stable-3+deb7u1	libevent-core-2.0-5_2.0.19-stable-3+deb7u1_amd64.deb
Debian	7	all	libevent	< 2.0.19-stable-3+deb7u1	libevent_2.0.19-stable-3+deb7u1_all.deb
Debian	7	powerpc	libevent-core-2.0-5	< 2.0.19-stable-3+deb7u1	libevent-core-2.0-5_2.0.19-stable-3+deb7u1_powerpc.deb