PublicDateAtUSN: 2016-12-31
Candidate: CVE-2016-10197
PublicDate: 2017-03-15 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
 http://www.openwall.com/lists/oss-security/2017/01/31/17
 https://ubuntu.com/security/notices/USN-3228-1
 https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
 https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/
 https://ubuntu.com/security/notices/USN-3278-1
Description:
 The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/libevent/libevent/issues/332
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854092
Priority: low
Discovered-by: Guido Vranken
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_firefox:
upstream_firefox: released (53.0)
precise_firefox: ignored
precise/esm_firefox: DNE (precise was ignored)
trusty_firefox: released (53.0+build6-0ubuntu0.14.04.1)
trusty/esm_firefox: DNE (trusty was released [53.0+build6-0ubuntu0.14.04.1])
vivid/ubuntu-core_firefox: DNE
vivid/stable-phone-overlay_firefox: DNE
xenial_firefox: released (53.0+build6-0ubuntu0.16.04.1)
esm-infra/xenial_firefox: released (53.0+build6-0ubuntu0.16.04.1)
yakkety_firefox: released (53.0+build6-0ubuntu0.16.10.1)
zesty_firefox: released (53.0+build6-0ubuntu0.17.04.1)
devel_firefox: released (54.0+build3-0ubuntu1)

Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: needs-triage
precise/esm_thunderbird: DNE
trusty_thunderbird: released (1:52.1.1+build1-0ubuntu0.14.04.1)
trusty/esm_thunderbird: DNE (trusty was released [1:52.1.1+build1-0ubuntu0.14.04.1])
vivid/ubuntu-core_thunderbird: DNE
vivid/stable-phone-overlay_thunderbird: DNE
xenial_thunderbird: released (1:52.1.1+build1-0ubuntu0.16.04.1)
esm-infra/xenial_thunderbird: released (1:52.1.1+build1-0ubuntu0.16.04.1)
yakkety_thunderbird: released (1:52.1.1+build1-0ubuntu0.16.10.1)
zesty_thunderbird: released (1:52.1.1+build1-0ubuntu0.17.04.1)
devel_thunderbird: released (1:52.1.1+build1-0ubuntu1)

Patches_libevent:
 upstream: https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
 upstream: https://github.com/libevent/libevent/commit/d7348bab602cf4dbdf65b9eeba2fb9ce4646bc0b (test)
upstream_libevent: released (2.0.21-stable-3)
precise_libevent: released (2.0.16-stable-1ubuntu0.2)
precise/esm_libevent: released (2.0.16-stable-1ubuntu0.2)
trusty_libevent: released (2.0.21-stable-1ubuntu1.14.04.2)
trusty/esm_libevent: released (2.0.21-stable-1ubuntu1.14.04.2)
vivid/stable-phone-overlay_libevent: DNE
vivid/ubuntu-core_libevent: DNE
xenial_libevent: released (2.0.21-stable-2ubuntu0.16.04.1)
esm-infra/xenial_libevent: released (2.0.21-stable-2ubuntu0.16.04.1)
yakkety_libevent: released (2.0.21-stable-2ubuntu0.16.10.1)
zesty_libevent: released (2.0.21-stable-3)
devel_libevent: released (2.0.21-stable-3)