Advisories » MGASA-2017-0441

Updated memcached packages fix security vulnerability

Publication date: 01 Dec 2017
Modification date: 01 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-9951

Description

The try_read_command function in memcached.c in memcached before 1.4.39
allows remote attackers to cause a denial of service (segmentation
fault) via a request to add/set a key, which makes a comparison between
signed and unsigned int and triggers a heap-based buffer over-read
(CVE-2017-9951).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22068
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EGQ5CRXRSHTKFUB5MCASDOTTZT7YR6IR/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9951

SRPMS

6/core

• memcached-1.4.39-1.mga6

5/core

• memcached-1.4.39-1.mga5