[SECURITY] [DLA 3557-1] memcached security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3557-1] memcached security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 07 Sep 2023 16:00:54 -0700
Message-id: <[🔎] 169411140114.1130699.8719657572085743169@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3557-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
September 07, 2023                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : memcached
Version        : 1.5.6-1.1+deb10u1
CVE ID         : CVE-2022-48571

It was discovered that there was a potential Denial of Service (DoS)
vulnerability in memcached, a high-performance in-memory object
caching system.

A crash could have occured when handling "multi-packet" uploads in
UDP mode. Deployments of memcached that only use TCP are likely
unaffected by this issue.

For Debian 10 buster, this problem has been fixed in version
1.5.6-1.1+deb10u1.

We recommend that you upgrade your memcached packages.

For the detailed security status of memcached please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/memcached

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmT6FqcACgkQHpU+J9Qx
HlisMw/9Fc8277nMxWKKlb0DSVtJgyK7y1pvJwVv25Io9Hhw5QpD++Z9UiblHmJX
RSk2/EQeAGInd3+vYrk2QjKDsJmKvnrSWLXrUmLObzPeebZWTMY965hLv2HJpu1h
j53gwHtcBQLPlVGX7vvYWFu4yOcy/oe4Ujjsz1o9a4ye8bDM1Hr2ZvtOq+QzQo2s
q44tdjaNRGEb1N4JIoa1fXeNid/2msgT/U720zHPbia0iqWuHEOG+ipmg5ZQRaMY
Xi+HBlemAL8aa4mk5uVhMTlTx1mHdMfNZne3zeK02Ehl6pVodxnlyc6BkDchdI+V
hTvkeTsz6XMDbKkZ7r+60jwa0ri0TV+xq06opJxpxTtYKtNr60VLEWsYN4IwnSaz
9aVR15SZ8lQ1weMbyVw4iPjPIsrqLOJ/zeSPrqhisYjroGKHaeBkfoL+mDnTcwlZ
JXiWWFVgoxeXfeGXReic0N7wpeRdlJRBvhls04iuuBQTjQ7X6v/ypb/9EOUqJxLN
9VKhh1UoPa+kSoSeS0na6vJ17CMpSkYdyzivIZ8OB8Xr27kWq/v99BjHSt0M51mU
CLXxPUHaQ7TFs/ciEfsOoy9LcATCAem+pTcW9vyVflrssHqMZuvLpzPR6e9XeKA3
387+8fcORd3gWMBm2pWWLZ/8mi9Xu4Vx/xmGeChfImp7w5XA0lU=
=JjwF
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3556-1] aom security update
Next by Date: [SECURITY] [DLA 3558-1] python-django security update
Previous by thread: [SECURITY] [DLA 3556-1] aom security update
Next by thread: [SECURITY] [DLA 3558-1] python-django security update
Index(es):
- Date
- Thread