Advisories ยป MGASA-2017-0441

Updated memcached packages fix security vulnerability

Publication date: 01 Dec 2017
Modification date: 01 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-9951

Description

The try_read_command function in memcached.c in memcached before 1.4.39
allows remote attackers to cause a denial of service (segmentation
fault) via a request to add/set a key, which makes a comparison between
signed and unsigned int and triggers a heap-based buffer over-read
(CVE-2017-9951).
                

References

SRPMS

5/core

6/core