Description
Security update for memcached
This update fixes the following issues:
- CVE-2016-8705: Server update remote code execution (bsc#1007870).
- CVE-2017-9951: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705) (bsc#1056865).
Package list
SUSE Linux Enterprise Software Development Kit 11 SP4
memcached-1.2.6-5.17.4.1
SUSE Studio Onsite 1.3
memcached-1.2.6-5.17.4.1
SUSE Studio Onsite Runner 1.3
memcached-1.2.6-5.17.4.1
References
- Link for SUSE-SU-2018:1601-1
- E-Mail link for SUSE-SU-2018:1601-1
- SUSE Security Ratings
- SUSE Bug 1007870
- SUSE Bug 1056865
- SUSE CVE CVE-2016-8705 page
- SUSE CVE CVE-2017-9951 page
Description
Multiple integer overflows in the process_bin_update function in Memcached, which is responsible for processing multiple commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.
Affected products
SUSE Linux Enterprise Software Development Kit 11 SP4:memcached-1.2.6-5.17.4.1
SUSE Studio Onsite 1.3:memcached-1.2.6-5.17.4.1
SUSE Studio Onsite Runner 1.3:memcached-1.2.6-5.17.4.1
References
- CVE-2016-8705
- SUSE Bug 1007866
- SUSE Bug 1007870
- SUSE Bug 1056865
Description
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.
Affected products
SUSE Linux Enterprise Software Development Kit 11 SP4:memcached-1.2.6-5.17.4.1
SUSE Studio Onsite 1.3:memcached-1.2.6-5.17.4.1
SUSE Studio Onsite Runner 1.3:memcached-1.2.6-5.17.4.1
References
- CVE-2017-9951
- SUSE Bug 1007870
- SUSE Bug 1056865