Updated memcached package fixes multiple security vulnerabilities
Publication date: 21 Jan 2014Modification date: 21 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-0179 , CVE-2013-7239 , CVE-2013-7290 , CVE-2013-7291
Description
Updated memcached packages fix security vulnerability:
It was reported that SASL authentication could be bypassed due to a flaw
related to the managment of the SASL authentication state. With a specially
crafted request, a remote attacker may be able to authenticate with invalid
SASL credentials (CVE-2013-7239).
Multiple issues in memcached before 1.4.17 which allow remote attackers to
cause a denial of service by sending a request that causes a crash when
memcached is running in verbose mode (CVE-2013-0179, CVE-2013-7290,
CVE-2013-7291).
References
- http://www.debian.org/security/2014/dsa-2832
- https://bugs.mageia.org/show_bug.cgi?id=12156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7239
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7290
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7291
SRPMS
3/core
- memcached-1.4.17-1.mga3