Advisories » MGASA-2018-0165

Updated memcached packages disable UDP by default

Publication date: 14 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000115

Description

Updated memcached packages fix security vulnerabilities:

Memcached enabled UDP by default, which could be exploited to denial of service 
via network flood (CVE-2018-1000115). By default this UPD is now closed.

With this release some overflow and deadlock situations get fixed too.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22688
• http://www.openwall.com/lists/oss-security/2018/03/03/1
• http://openwall.com/lists/oss-security/2018/03/08/1
• http://openwall.com/lists/oss-security/2018/03/08/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000115

SRPMS

6/core

• memcached-1.5.6-1.mga6