Описание
Security update for memcached
This update for memcached fixes the following issues:
Security issue fixed:
- CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command (bsc#1133817).
- CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110).
Список пакетов
SUSE Linux Enterprise Server 12 SP4
memcached-1.4.39-4.11.2
SUSE Linux Enterprise Server 12 SP5
memcached-1.4.39-4.11.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
memcached-1.4.39-4.11.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
memcached-1.4.39-4.11.2
SUSE Linux Enterprise Software Development Kit 12 SP4
memcached-devel-1.4.39-4.11.2
SUSE Linux Enterprise Software Development Kit 12 SP5
memcached-devel-1.4.39-4.11.2
Ссылки
- Link for SUSE-SU-2020:0843-1
- E-Mail link for SUSE-SU-2020:0843-1
- SUSE Security Ratings
- SUSE Bug 1133817
- SUSE Bug 1149110
- SUSE CVE CVE-2019-11596 page
- SUSE CVE CVE-2019-15026 page
Описание
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:memcached-1.4.39-4.11.2
SUSE Linux Enterprise Server 12 SP5:memcached-1.4.39-4.11.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4:memcached-1.4.39-4.11.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5:memcached-1.4.39-4.11.2
Ссылки
- CVE-2019-11596
- SUSE Bug 1133817
Описание
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:memcached-1.4.39-4.11.2
SUSE Linux Enterprise Server 12 SP5:memcached-1.4.39-4.11.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4:memcached-1.4.39-4.11.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5:memcached-1.4.39-4.11.2
Ссылки
- CVE-2019-15026
- SUSE Bug 1149110