==========================================================================
Ubuntu Security Notice USN-2477-1
January 19, 2015
libevent vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
libevent could be made to crash or run programs if it processed specially
crafted data.
Software Description:
– libevent: Asynchronous event notification library
Details:
Andrew Bartlett discovered that libevent incorrectly handled large inputs
to the evbuffer API. A remote attacker could possibly use this issue with
an application that uses libevent to cause a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libevent-2.0-5 2.0.21-stable-1ubuntu1.14.10.1
Ubuntu 14.04 LTS:
libevent-2.0-5 2.0.21-stable-1ubuntu1.14.04.1
Ubuntu 12.04 LTS:
libevent-2.0-5 2.0.16-stable-1ubuntu0.1
Ubuntu 10.04 LTS:
libevent-1.4-2 1.4.13-stable-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2477-1
CVE-2014-6272
Package Information:
https://launchpad.net/ubuntu/+source/libevent/2.0.21-stable-1ubuntu1.14.10.1
https://launchpad.net/ubuntu/+source/libevent/2.0.21-stable-1ubuntu1.14.04.1
https://launchpad.net/ubuntu/+source/libevent/2.0.16-stable-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libevent/1.4.13-stable-1ubuntu0.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJUvSbdAAoJEGVp2FWnRL6TRbMQAImhKsNbJgrv8F8kwr2/eXL9
in9xfg6bXlQY7brHuY1gWNo9iA0Jv7OtSFq/J9Mbc2yBGx6Vh8xzCLTPrSMGgSoo
XXP96pj6k8X0B0h8eOfqGS4bzCSEj3SZevycPsbODRlNBrEB4kYiy2nwY/upgvR1
l5QJi+7f5J/1HMbuwK/66ElcW6wOBVN6seETxw0l2Ob079r+F333ZirxIYDSfzQ2
zSaxCdJQ7YjT8qFcC4BIzF+dJNNS++6IirrQOQfd+PTYzxTQVuQLfTBmU/hnaSnY
Mg+IelboTKMTdTrJNE0UvVhHjeraI4jG1SRgWaKP3NmZDsLccyMjpC8WujSNCnj9
6+0nC6orxUSovTVYcug0RjMf/mtT5vA7evqbYxOn/S6ERrBygarxHbKhaZi0EV8A
4JnnnLLMI5Be7M8PT2K41vM1xg+VeOXjYQvpMGVZ+bXKB7L+WguixnMNqZg2S85v
rQHk0/tNFbepS5iHZLbGk7DnGh0sEwH8YGYdQalnO9Or9A1YUXnMrHHo8Z23FLOU
tKphoL/Wk4rUEveiwzmjzPUcra8Zxw6NFR9vML0GSrg91Vmjy1vk5BkBhU2Xr3Zc
IYY/4QaXP1jBX3kVeSqTQjSg+KA7NxUMwBzSHus/AYNQc5sG/8f91eVf2pMc4abO
3tBZIBoeTKrRx8TsA1tU
=Q5rl
—–END PGP SIGNATURE—–
—