Slackware Security Advisory - New libevent packages are available for Slackware 14.1 and -current to fix security issues.
1819f55111ba0ede1422e02e74bdca07f5a78b76f2eb806b9e3676992020005c
Mandriva Linux Security Advisory 2015-017 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.
37d784031ae48e29994057c675fed2574429ffa8db1c8f64699b2756dfbdeb52
Gentoo Linux Security Advisory 201502-7 - Multiple integer overflow errors in libevent could result in execution of arbitrary code or Denial of Service. Versions less than 2.0.22 are affected.
bf14a652ac6ffd0e3ea97788fd3308684bf2220e01960169dc8aff07eb0adc67
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled, GRSEC/PAX-patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator has access to only minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP. x86_64 version.
966b7652d7133037134b30ff4cc54bdb82b1a220daf1667ccfe0df7292d201fa
Ubuntu Security Notice 2477-1 - Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.
8d59f9a9a7da986c7c656c01a3b1736ca2c1c10eb6ed21dd48749c787b46e718
Mandriva Linux Security Advisory 2015-017 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.
bce77a4196de4ea6bb6b6218815a3818073546b6ac3237c482ea8db9d5f9801c
Debian Linux Security Advisory 3119-1 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.
ba981464d57b711de3d7ce967eb091055c67eccec9d191c924fbdf642b319abe