You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa memcached

Sigurnosni nedostaci programskog paketa memcached

SUSE Security Update: Security update for memcached
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0778-1
Rating: important
References: #1007869 #1007870 #1007871 #1056865 #798458
#817781 #857188 #858676 #858677
Cross-References: CVE-2011-4971 CVE-2013-0179 CVE-2013-7239
CVE-2013-7290 CVE-2013-7291 CVE-2016-8704
CVE-2016-8705 CVE-2016-8706 CVE-2017-9951

Affected Products:
SUSE OpenStack Cloud 7
SUSE Enterprise Storage 4
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for memcached fixes the following issues:

Security issues fixed:

– CVE-2011-4971: remote DoS (bsc#817781).
– CVE-2013-0179: DoS when printing out keys to be deleted in verbose mode
(bsc#798458).
– CVE-2013-7239: SASL authentication allows wrong credentials to access
memcache (bsc#857188).
– CVE-2013-7290: remote DoS (segmentation fault) via a request to delete a
key (bsc#858677).
– CVE-2013-7291: remote DoS (crash) via a request that triggers “unbounded
key print” (bsc#858676).
– CVE-2016-8704: Server append/prepend remote code execution (bsc#1007871).
– CVE-2016-8705: Server update remote code execution (bsc#1007870).
– CVE-2016-8706: Server ASL authentication remote code execution
(bsc#1007869).
– CVE-2017-9951: Heap-based buffer over-read in try_read_command function
(incomplete fix for CVE-2016-8705) (bsc#1056865).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 7:

zypper in -t patch SUSE-OpenStack-Cloud-7-2018-529=1

– SUSE Enterprise Storage 4:

zypper in -t patch SUSE-Storage-4-2018-529=1

Package List:

– SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):

memcached-1.4.39-3.3.2
memcached-debuginfo-1.4.39-3.3.2
memcached-debugsource-1.4.39-3.3.2

– SUSE Enterprise Storage 4 (aarch64 x86_64):

memcached-1.4.39-3.3.2
memcached-debuginfo-1.4.39-3.3.2
memcached-debugsource-1.4.39-3.3.2

References:

https://www.suse.com/security/cve/CVE-2011-4971.html
https://www.suse.com/security/cve/CVE-2013-0179.html
https://www.suse.com/security/cve/CVE-2013-7239.html
https://www.suse.com/security/cve/CVE-2013-7290.html
https://www.suse.com/security/cve/CVE-2013-7291.html
https://www.suse.com/security/cve/CVE-2016-8704.html
https://www.suse.com/security/cve/CVE-2016-8705.html
https://www.suse.com/security/cve/CVE-2016-8706.html
https://www.suse.com/security/cve/CVE-2017-9951.html
https://bugzilla.suse.com/1007869
https://bugzilla.suse.com/1007870
https://bugzilla.suse.com/1007871
https://bugzilla.suse.com/1056865
https://bugzilla.suse.com/798458
https://bugzilla.suse.com/817781
https://bugzilla.suse.com/857188
https://bugzilla.suse.com/858676
https://bugzilla.suse.com/858677


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

 

SUSE Security Update: Security update for memcached
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0807-1
Rating: important
References: #1007869 #1007870 #1007871 #1056865 #798458
#817781 #857188 #858676 #858677
Cross-References: CVE-2011-4971 CVE-2013-0179 CVE-2013-7239
CVE-2013-7290 CVE-2013-7291 CVE-2016-8704
CVE-2016-8705 CVE-2016-8706 CVE-2017-9951

Affected Products:
SUSE OpenStack Cloud 6
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for memcached fixes the following issues:

Security issues fixed:

– CVE-2011-4971: remote DoS (bsc#817781).
– CVE-2013-0179: DoS when printing out keys to be deleted in verbose mode
(bsc#798458).
– CVE-2013-7239: SASL authentication allows wrong credentials to access
memcache (bsc#857188).
– CVE-2013-7290: remote DoS (segmentation fault) via a request to delete a
key (bsc#858677).
– CVE-2013-7291: remote DoS (crash) via a request that triggers “unbounded
key print” (bsc#858676).
– CVE-2016-8704: Server append/prepend remote code execution (bsc#1007871).
– CVE-2016-8705: Server update remote code execution (bsc#1007870).
– CVE-2016-8706: Server ASL authentication remote code execution
(bsc#1007869).
– CVE-2017-9951: Heap-based buffer over-read in try_read_command function
(incomplete fix for CVE-2016-8705) (bsc#1056865).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2018-545=1

Package List:

– SUSE OpenStack Cloud 6 (x86_64):

memcached-1.4.39-3.3.1
memcached-debuginfo-1.4.39-3.3.1
memcached-debugsource-1.4.39-3.3.1

References:

https://www.suse.com/security/cve/CVE-2011-4971.html
https://www.suse.com/security/cve/CVE-2013-0179.html
https://www.suse.com/security/cve/CVE-2013-7239.html
https://www.suse.com/security/cve/CVE-2013-7290.html
https://www.suse.com/security/cve/CVE-2013-7291.html
https://www.suse.com/security/cve/CVE-2016-8704.html
https://www.suse.com/security/cve/CVE-2016-8705.html
https://www.suse.com/security/cve/CVE-2016-8706.html
https://www.suse.com/security/cve/CVE-2017-9951.html
https://bugzilla.suse.com/1007869
https://bugzilla.suse.com/1007870
https://bugzilla.suse.com/1007871
https://bugzilla.suse.com/1056865
https://bugzilla.suse.com/798458
https://bugzilla.suse.com/817781
https://bugzilla.suse.com/857188
https://bugzilla.suse.com/858676
https://bugzilla.suse.com/858677


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke glibc

Otkriven je sigurnosni nedostatak u programskoj biblioteci glibc za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje stjecanje povišenih ovlasti....

Close