Advisories » MGASA-2026-0203

Updated memcached packages fix security vulnerabilities

Publication date: 12 Jun 2026
Modification date: 12 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-47783 , CVE-2026-47784

Description

CVE-2026-47784 In memcached before 1.6.42, password data for SASL
password database authentication has a timing side channel because
memcmp is used by sasl_server_userdb_checkpass.
CVE-2026-47783 In memcached before 1.6.42, username data for SASL
password database authentication has a timing side channel because a
loop exits as soon as a valid username is found by
sasl_server_userdb_checkpass.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35552
• https://github.com/memcached/memcached/wiki/ReleaseNotes1642
• https://www.cve.org/CVERecord?id=CVE-2026-47783
• https://www.cve.org/CVERecord?id=CVE-2026-47784

SRPMS

9/core

• memcached-1.6.42-1.mga9