——————————————————————————–
Fedora Update Notification
FEDORA-2014-0934
2014-01-16 05:26:12
——————————————————————————–
Name : memcached
Product : Fedora 19
Version : 1.4.17
Release : 1.fc19
URL : http://www.memcached.org/
Summary : High Performance, Distributed Memory Object Cache
Description :
memcached is a high-performance, distributed memory object caching
system, generic in nature, but intended for use in speeding up dynamic
web applications by alleviating database load.
——————————————————————————–
Update Information:
This is an update to the latest upstream release. It fixes several security vulnerabilities, possible crashes when the key is printed in verbose mode and crash with specially crafted packet. (CVE-2011-4971, CVE-2013-0179, CVE-2013-7291 CVE-2013-7290)
——————————————————————————–
ChangeLog:
* Wed Jan 15 2014 Miroslav Lichvar <mlichvar@redhat.com> – 0:1.4.17-1
– update to 1.4.17
– fix building with -Werror=format-security in CFLAGS
* Wed Aug 7 2013 Miroslav Lichvar <mlichvar@redhat.com> – 0:1.4.15-7
– buildrequire systemd-units (#992221)
– update memcached man page
– add memcached-tool man page
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0:1.4.15-6
– Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> – 0:1.4.15-5
– Perl 5.18 rebuild
——————————————————————————–
References:
[ 1 ] Bug #895054 – CVE-2013-0179 memcached: DoS due to buffer overrun when printing out keys to be deleted in verbose mode
https://bugzilla.redhat.com/show_bug.cgi?id=895054
[ 2 ] Bug #957964 – CVE-2011-4971 memcached: specially crafted packet segmentation fault
https://bugzilla.redhat.com/show_bug.cgi?id=957964
[ 3 ] Bug #1052863 – CVE-2013-7290 memcached: remote DoS (segmentation fault) via a request to delete a key
https://bugzilla.redhat.com/show_bug.cgi?id=1052863
[ 4 ] Bug #1052864 – CVE-2013-7291 memcached: remote DoS (crash) via a request that triggers “unbounded key print”
https://bugzilla.redhat.com/show_bug.cgi?id=1052864
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update memcached’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2014-0926
2014-01-16 05:25:54
——————————————————————————–
Name : memcached
Product : Fedora 20
Version : 1.4.17
Release : 1.fc20
URL : http://www.memcached.org/
Summary : High Performance, Distributed Memory Object Cache
Description :
memcached is a high-performance, distributed memory object caching
system, generic in nature, but intended for use in speeding up dynamic
web applications by alleviating database load.
——————————————————————————–
Update Information:
This is an update to the latest upstream release. It fixes several security vulnerabilities, possible crashes when the key is printed in verbose mode and crash with specially crafted packet. (CVE-2011-4971, CVE-2013-0179, CVE-2013-7291 CVE-2013-7290)
——————————————————————————–
ChangeLog:
* Wed Jan 15 2014 Miroslav Lichvar <mlichvar@redhat.com> – 0:1.4.17-1
– update to 1.4.17
– fix building with -Werror=format-security in CFLAGS
——————————————————————————–
References:
[ 1 ] Bug #895054 – CVE-2013-0179 memcached: DoS due to buffer overrun when printing out keys to be deleted in verbose mode
https://bugzilla.redhat.com/show_bug.cgi?id=895054
[ 2 ] Bug #957964 – CVE-2011-4971 memcached: specially crafted packet segmentation fault
https://bugzilla.redhat.com/show_bug.cgi?id=957964
[ 3 ] Bug #1052863 – CVE-2013-7290 memcached: remote DoS (segmentation fault) via a request to delete a key
https://bugzilla.redhat.com/show_bug.cgi?id=1052863
[ 4 ] Bug #1052864 – CVE-2013-7291 memcached: remote DoS (crash) via a request that triggers “unbounded key print”
https://bugzilla.redhat.com/show_bug.cgi?id=1052864
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update memcached’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce