Login
Newsletter
Werbung

Sicherheit: Denial of Service in libevent
Aktuelle Meldungen Distributionen
Name: Denial of Service in libevent
ID: USN-2477-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10
Datum: Di, 20. Januar 2015, 08:19
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6272
Applikationen: libevent

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4449908987257998766==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="wRXHd4HIFODjQiTQ1QF6QDoXnvRaxlmed"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--wRXHd4HIFODjQiTQ1QF6QDoXnvRaxlmed
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2477-1
January 19, 2015

libevent vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

libevent could be made to crash or run programs if it processed specially
crafted data.

Software Description:
- libevent: Asynchronous event notification library

Details:

Andrew Bartlett discovered that libevent incorrectly handled large inputs
to the evbuffer API. A remote attacker could possibly use this issue with
an application that uses libevent to cause a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libevent-2.0-5 2.0.21-stable-1ubuntu1.14.10.1

Ubuntu 14.04 LTS:
libevent-2.0-5 2.0.21-stable-1ubuntu1.14.04.1

Ubuntu 12.04 LTS:
libevent-2.0-5 2.0.16-stable-1ubuntu0.1

Ubuntu 10.04 LTS:
libevent-1.4-2 1.4.13-stable-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2477-1
CVE-2014-6272

Package Information:
https://launchpad.net/ubuntu/+source/libevent/2.0.21-stable-1ubuntu1.14.10.1
https://launchpad.net/ubuntu/+source/libevent/2.0.21-stable-1ubuntu1.14.04.1
https://launchpad.net/ubuntu/+source/libevent/2.0.16-stable-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libevent/1.4.13-stable-1ubuntu0.1



--wRXHd4HIFODjQiTQ1QF6QDoXnvRaxlmed
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUvSbdAAoJEGVp2FWnRL6TRbMQAImhKsNbJgrv8F8kwr2/eXL9
in9xfg6bXlQY7brHuY1gWNo9iA0Jv7OtSFq/J9Mbc2yBGx6Vh8xzCLTPrSMGgSoo
XXP96pj6k8X0B0h8eOfqGS4bzCSEj3SZevycPsbODRlNBrEB4kYiy2nwY/upgvR1
l5QJi+7f5J/1HMbuwK/66ElcW6wOBVN6seETxw0l2Ob079r+F333ZirxIYDSfzQ2
zSaxCdJQ7YjT8qFcC4BIzF+dJNNS++6IirrQOQfd+PTYzxTQVuQLfTBmU/hnaSnY
Mg+IelboTKMTdTrJNE0UvVhHjeraI4jG1SRgWaKP3NmZDsLccyMjpC8WujSNCnj9
6+0nC6orxUSovTVYcug0RjMf/mtT5vA7evqbYxOn/S6ERrBygarxHbKhaZi0EV8A
4JnnnLLMI5Be7M8PT2K41vM1xg+VeOXjYQvpMGVZ+bXKB7L+WguixnMNqZg2S85v
rQHk0/tNFbepS5iHZLbGk7DnGh0sEwH8YGYdQalnO9Or9A1YUXnMrHHo8Z23FLOU
tKphoL/Wk4rUEveiwzmjzPUcra8Zxw6NFR9vML0GSrg91Vmjy1vk5BkBhU2Xr3Zc
IYY/4QaXP1jBX3kVeSqTQjSg+KA7NxUMwBzSHus/AYNQc5sG/8f91eVf2pMc4abO
3tBZIBoeTKrRx8TsA1tU
=Q5rl
-----END PGP SIGNATURE-----

--wRXHd4HIFODjQiTQ1QF6QDoXnvRaxlmed--


--===============4449908987257998766==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4449908987257998766==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung