
[SECURITY] [DLA 1033-1] memcached security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : memcached
Version        : 1.4.13-0.2+deb7u3
CVE ID         : CVE-2017-9951
Debian Bug     : #868701

It was discovered that there was a remote denial-of-service (DoS) vulnerability
in memcached, a high-performance memory object caching system.

The try_read_command function allowed remote attackers to cause a DoS via a
request to add/set a key: the request led to a comparison between a signed and
an unsigned integer, which triggered a heap-based buffer over-read.

This vulnerability existed due to an incomplete upstream fix for CVE-2016-8705.

For Debian 7 "Wheezy", this issue has been fixed in memcached version
1.4.13-0.2+deb7u3.

We recommend that you upgrade your memcached packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
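
The bug class named in the advisory (a length check that compares a signed with an unsigned integer), shown beside a hardened check. This is an added example, not memcached's code and not part of the original advisory; the struct, its fields, the function names and the inputs are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request header with constructed fields; not memcached's format. */
struct req {
    size_t  key_len;   /* unsigned length taken from the request */
    int32_t body_len;  /* signed length taken from the request */
};

/* Weak check: "the key must fit in the body". body_len is implicitly
 * converted to an unsigned type for the comparison, so a negative value
 * becomes huge and the check passes. */
static int weak_accepts(const struct req *r)
{
    return r->key_len <= r->body_len;
}

/* Length a handler would go on to read as the value after the weak check. */
static size_t weak_value_len(const struct req *r)
{
    return (size_t)r->body_len - r->key_len;
}

/* Hardened check: reject negative lengths before any mixed comparison,
 * then bound the body by the bytes actually buffered.
 * Returns 0 and sets *value_len on success, -1 to reject the request. */
static int checked_value_len(const struct req *r, size_t buffered, size_t *value_len)
{
    if (r->body_len < 0)
        return -1;
    size_t body = (size_t)r->body_len;
    if (r->key_len > body || body > buffered)
        return -1;
    *value_len = body - r->key_len;
    return 0;
}

int main(void)
{
    struct req bad = { .key_len = 5, .body_len = -1 };  /* constructed input */
    struct req ok  = { .key_len = 5, .body_len = 12 };  /* constructed input */
    size_t n = 0;
    printf("weak: accepted=%d value_len=%zu\n", weak_accepts(&bad), weak_value_len(&bad));
    printf("hardened, bad request: %d\n", checked_value_len(&bad, 64, &n));
    int rc = checked_value_len(&ok, 64, &n);
    printf("hardened, good request: %d value_len=%zu\n", rc, n);
    return 0;
}
```

Building with `-Wsign-compare` (part of `-Wextra` in GCC and Clang for C) flags the comparison in `weak_accepts`.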

