Nom du paquet
memcached
Date
2009-05-04
Advisory ID
MDVSA-2009:105
Affected versions
2009.0 x86_64 , 2009.1 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2009.1 x86_64

Problem description

The process_stat function in Memcached prior 1.2.8 discloses
memory-allocation statistics in response to a stats malloc command,
which allows remote attackers to obtain potentially sensitive
information by sending this command to the daemon's TCP port
(CVE-2009-1255, CVE-2009-1494).

The updated packages have been patched to prevent this.

Updated packages

2009.0 x86_64

 c4b61db8185bd7315cb4bed3ad373b96  2009.0/x86_64/memcached-1.2.6-2.1mdv2009.0.x86_64.rpm 
 53434fb685cdc440af735ff26fac04c6  2009.0/SRPMS/memcached-1.2.6-2.1mdv2009.0.src.rpm

2009.1 i586

 02482319db1fa17cef02bce51631b187  2009.1/i586/memcached-1.2.6-4.1mdv2009.1.i586.rpm 
 73716bff70c37267619823c7658f79ba  2009.1/SRPMS/memcached-1.2.6-4.1mdv2009.1.src.rpm

2009.0 i586

 83f694e936c96cc44879dd80763766c5  2009.0/i586/memcached-1.2.6-2.1mdv2009.0.i586.rpm 
 53434fb685cdc440af735ff26fac04c6  2009.0/SRPMS/memcached-1.2.6-2.1mdv2009.0.src.rpm

CS4.0 i586

 af73aa510b773292eb35d505318c3781  corporate/4.0/i586/memcached-1.1.12-4.1.20060mlcs4.i586.rpm 
 811c8c13edcc46348e2a97bc52e23b18  corporate/4.0/SRPMS/memcached-1.1.12-4.1.20060mlcs4.src.rpm

CS4.0 x86_64

 9d151d93ed23fd45a5c091e67751bc0c  corporate/4.0/x86_64/memcached-1.1.12-4.1.20060mlcs4.x86_64.rpm 
 811c8c13edcc46348e2a97bc52e23b18  corporate/4.0/SRPMS/memcached-1.1.12-4.1.20060mlcs4.src.rpm

2009.1 x86_64

 60e92b7d6a84b74b7ff66d60a2d7917c  2009.1/x86_64/memcached-1.2.6-4.1mdv2009.1.x86_64.rpm 
 73716bff70c37267619823c7658f79ba  2009.1/SRPMS/memcached-1.2.6-4.1mdv2009.1.src.rpm

References