A vulnerability was found in libevent. There is a stack-buffer overflow in evutil.c.
Created libevent tracking bugs for this issue:
Affects: fedora-all [bug 1418616]
nfs-utils since rhel-5 does not use embedded libevent
libevent.1.4 does not include support for IPv6.
openmpi does not use or expose any functions in libevent which expose this vulnerability.
Stack canaries prevent exploitation of this flaw for arbitrary code execution, limiting the potential impact to only a crash.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:1201 https://access.redhat.com/errata/RHSA-2017:1201