Описание
Security update for memcached
This update for memcached fixes the following issues:
Security issue fixed:
- CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command (bsc#1133817).
- CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP1
memcached-1.5.6-4.5.30
memcached-devel-1.5.6-4.5.30
Ссылки
- Link for SUSE-SU-2020:1381-1
- E-Mail link for SUSE-SU-2020:1381-1
- SUSE Security Ratings
- SUSE Bug 1133817
- SUSE Bug 1149110
- SUSE CVE CVE-2019-11596 page
- SUSE CVE CVE-2019-15026 page
Описание
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP1:memcached-1.5.6-4.5.30
SUSE Linux Enterprise Module for Server Applications 15 SP1:memcached-devel-1.5.6-4.5.30
Ссылки
- CVE-2019-11596
- SUSE Bug 1133817
Описание
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP1:memcached-1.5.6-4.5.30
SUSE Linux Enterprise Module for Server Applications 15 SP1:memcached-devel-1.5.6-4.5.30
Ссылки
- CVE-2019-15026
- SUSE Bug 1149110