MDVSA-2009:105
- Package name
- memcached
- Date
- 2009-05-04
- Advisory ID
- MDVSA-2009:105
- Affected versions
- 2009.0 x86_64 , 2009.1 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2009.1 x86_64
Problem description
The process_stat function in Memcached prior 1.2.8 discloses
memory-allocation statistics in response to a stats malloc command,
which allows remote attackers to obtain potentially sensitive
information by sending this command to the daemon's TCP port
(CVE-2009-1255, CVE-2009-1494).
The updated packages have been patched to prevent this.
Updated packages
2009.0 x86_64
c4b61db8185bd7315cb4bed3ad373b96 2009.0/x86_64/memcached-1.2.6-2.1mdv2009.0.x86_64.rpm 53434fb685cdc440af735ff26fac04c6 2009.0/SRPMS/memcached-1.2.6-2.1mdv2009.0.src.rpm
2009.1 i586
02482319db1fa17cef02bce51631b187 2009.1/i586/memcached-1.2.6-4.1mdv2009.1.i586.rpm 73716bff70c37267619823c7658f79ba 2009.1/SRPMS/memcached-1.2.6-4.1mdv2009.1.src.rpm
2009.0 i586
83f694e936c96cc44879dd80763766c5 2009.0/i586/memcached-1.2.6-2.1mdv2009.0.i586.rpm 53434fb685cdc440af735ff26fac04c6 2009.0/SRPMS/memcached-1.2.6-2.1mdv2009.0.src.rpm
CS4.0 i586
af73aa510b773292eb35d505318c3781 corporate/4.0/i586/memcached-1.1.12-4.1.20060mlcs4.i586.rpm 811c8c13edcc46348e2a97bc52e23b18 corporate/4.0/SRPMS/memcached-1.1.12-4.1.20060mlcs4.src.rpm
CS4.0 x86_64
9d151d93ed23fd45a5c091e67751bc0c corporate/4.0/x86_64/memcached-1.1.12-4.1.20060mlcs4.x86_64.rpm 811c8c13edcc46348e2a97bc52e23b18 corporate/4.0/SRPMS/memcached-1.1.12-4.1.20060mlcs4.src.rpm
2009.1 x86_64
60e92b7d6a84b74b7ff66d60a2d7917c 2009.1/x86_64/memcached-1.2.6-4.1mdv2009.1.x86_64.rpm 73716bff70c37267619823c7658f79ba 2009.1/SRPMS/memcached-1.2.6-4.1mdv2009.1.src.rpm