Описание
Security update for memcached
This update for memcached fixes the following issues:
Security issue fixed:
- CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command (bsc#1133817).
- CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
memcached-1.5.6-lp151.4.3.1
memcached-devel-1.5.6-lp151.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0721-1
- SUSE Security Ratings
- SUSE Bug 1133817
- SUSE Bug 1149110
- SUSE CVE CVE-2019-11596 page
- SUSE CVE CVE-2019-15026 page
Описание
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
Затронутые продукты
openSUSE Leap 15.1:memcached-1.5.6-lp151.4.3.1
openSUSE Leap 15.1:memcached-devel-1.5.6-lp151.4.3.1
Ссылки
- CVE-2019-11596
- SUSE Bug 1133817
Описание
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
Затронутые продукты
openSUSE Leap 15.1:memcached-1.5.6-lp151.4.3.1
openSUSE Leap 15.1:memcached-devel-1.5.6-lp151.4.3.1
Ссылки
- CVE-2019-15026
- SUSE Bug 1149110