Debian Security Advisory
DLA-701-1 memcached -- LTS security update
- Date Reported: 05 Nov 2016
- Affected Packages: memcached
- Vulnerable: Yes
- Security database references:
  In the Debian bugtracking system: Bug 735314, Bug 842811, Bug 842812, Bug 842814.
  In Mitre's CVE dictionary: CVE-2013-7291, CVE-2016-8704, CVE-2016-8705, CVE-2016-8706.
- More information:
Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. A remote attacker could take advantage of these flaws to cause a denial of service (daemon crash), or potentially to execute arbitrary code.
- CVE-2013-7291
It was discovered that memcached, when running in verbose mode, can be crashed by sending carefully crafted requests that trigger an unbounded key print, resulting in a daemon crash.
- CVE-2016-8704 / CVE-2016-8705 / CVE-2016-8706
Aleksandar Nikolic of Cisco Talos found several vulnerabilities in memcached. A remote attacker could cause an integer overflow by sending carefully crafted requests to the memcached server, resulting in a daemon crash.
For Debian 7 Wheezy, these problems have been fixed in version 1.4.13-0.2+deb7u2.
We recommend that you upgrade your memcached packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS