libevent-2.0.21-4.0.1.el7.AXS7

The libevent API provides a mechanism to execute a callback function when a
specific event occurs on a file descriptor or after a timeout has been reached.
libevent is meant to replace the asynchronous event loop found in event driven
network servers. An application just needs to call event_dispatch() and can then
add or remove events dynamically without having to change the event loop.

Security fix(es):
- CVE-2016-10195: fix an out-of-bounds stack read in the name_parse function
- CVE-2016-10196: fix a stack-based buffer overflow in the
evutil_parse_sockaddr_port function
- CVE-2016-10197: fix DoS via an empty hostname in the search_make_new function

CVE(s):
CVE-2016-10197
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
CVE-2016-10195
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
CVE-2016-10196
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.