Paketname
memcached
Datum
2014-01-17
Advisory ID
MDVSA-2014:010
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

Multiple vulnerabilities has been discovered and corrected in
memcached:

The process_bin_delete function in memcached.c in memcached 1.4.4 and
other versions before 1.4.17, when running in verbose mode, allows
remote attackers to cause a denial of service (segmentation fault)
via a request to delete a key, which does not account for the lack
of a null terminator in the key and triggers a buffer over-read when
printing to stderr (CVE-2013-0179).

memcached before 1.4.17 allows remote attackers to bypass
authentication by sending an invalid request with SASL credentials,
then sending another request with incorrect SASL credentials
(CVE-2013-7239).

The do_item_get function in items.c in memcached 1.4.4 and other
versions before 1.4.17, when running in verbose mode, allows remote
attackers to cause a denial of service (segmentation fault) via a
request to delete a key, which does not account for the lack of a null
terminator in the key and triggers a buffer over-read when printing to
stderr, a different vulnerability than CVE-2013-0179 (CVE-2013-7290).

memcached before 1.4.17, when running in verbose mode, allows
remote attackers to cause a denial of service (crash) via a request
that triggers an unbounded key print during logging, related to an
issue that was quickly grepped out of the source tree, a different
vulnerability than CVE-2013-0179 and CVE-2013-7290 (CVE-2013-7291).

The updated packages have been upgraded to the 1.4.17 version which
is unaffected by these issues.

Aktualisierte Pakete

MES5 i586

 a16c2422bfa525dbbaaf53a1947eb857  mes5/i586/memcached-1.4.17-0.1mdvmes5.2.i586.rpm
 bb30dd36547f39e0cc197e3286882c62  mes5/i586/memcached-devel-1.4.17-0.1mdvmes5.2.i586.rpm 
 ef22bb85c812d510bde6110098a38f01  mes5/SRPMS/memcached-1.4.17-0.1mdvmes5.2.src.rpm

MBS1 x86_64

 8035d2870bcd192b1c6b6419256e4714  mbs1/x86_64/memcached-1.4.17-1.mbs1.x86_64.rpm
 5343cfb775b8adc04760f6b5717aa4ce  mbs1/x86_64/memcached-devel-1.4.17-1.mbs1.x86_64.rpm 
 d7a230375722086b5419ca49544de75c  mbs1/SRPMS/memcached-1.4.17-1.mbs1.src.rpm

MES5 x86_64

 74c7f0f6ece79b4cbe924c8d41670d7a  mes5/x86_64/memcached-1.4.17-0.1mdvmes5.2.x86_64.rpm
 a4b21173b04c8944067f34870b948fba  mes5/x86_64/memcached-devel-1.4.17-0.1mdvmes5.2.x86_64.rpm 
 ef22bb85c812d510bde6110098a38f01  mes5/SRPMS/memcached-1.4.17-0.1mdvmes5.2.src.rpm

Referenzen