Advisories ยป MGASA-2014-0018

Updated memcached package fixes multiple security vulnerabilities

Publication date: 21 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-0179 , CVE-2013-7239 , CVE-2013-7290 , CVE-2013-7291


Updated memcached packages fix security vulnerability:

It was reported that SASL authentication could be bypassed due to a flaw
related to the managment of the SASL authentication state. With a specially
crafted request, a remote attacker may be able to authenticate with invalid
SASL credentials (CVE-2013-7239).

Multiple issues in memcached before 1.4.17 which allow remote attackers to
cause a denial of service by sending a request that causes a crash when
memcached is running in verbose mode (CVE-2013-0179, CVE-2013-7290,