Debian Security Advisory
DLA-701-1 memcached -- LTS security update
- Date Reported:
- 05 Nov 2016
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 735314, Bug 842811, Bug 842812, Bug 842814.
In Mitre's CVE dictionary: CVE-2013-7291, CVE-2016-8704, CVE-2016-8705, CVE-2016-8706.
- More information:
Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system. A remote attacker could take advantage of these flaws to cause a denial of service (daemon crash), or potentially to execute arbitrary code.
It was discovered that memcached, when running in verbose mode, can be crashed by carefully crafted requests that trigger an unbounded key print.
- CVE-2016-8704 /
Aleksandar Nikolic of Cisco Talos found several vulnerabilities in memcached. A remote attacker could cause an integer overflow by sending carefully crafted requests to the memcached server, resulting in a daemon crash.
For Debian 7 Wheezy, these problems have been fixed in version 1.4.13-0.2+deb7u2.
We recommend that you upgrade your memcached packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS