Bug 25267 - memcached new security issue CVE-2019-11596
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA6TOO
Reported: 2019-08-11 21:02 CEST by David Walser
Modified: 2019-08-11 22:57 CEST

Source RPM: memcached-1.5.10-1.mga7.src.rpm


Description David Walser 2019-08-11 21:02:13 CEST
Ubuntu has issued an advisory on May 1:
https://usn.ubuntu.com/3963-1/

The issue is fixed upstream in 1.5.14.

Mageia 6 and Mageia 7 are also affected.
David Walser 2019-08-11 21:02:20 CEST

Whiteboard: (none) => MGA7TOO, MGA6TOO

Comment 1 Marja Van Waes 2019-08-11 22:26:55 CEST
Assigning to our registered memcached maintainer.

Assignee: bugsquad => mageia
CC: (none) => marja11

Comment 2 Marc Krämer 2019-08-11 22:51:56 CEST
Updated memcached packages fix security vulnerabilities:

In memcached before 1.5.14, a NULL pointer dereference was found in the
"lru mode" and "lru temp_ttl" commands. This causes a denial of service
when parsing crafted lru command messages in process_lru_command in
memcached.c.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11596
https://usn.ubuntu.com/usn/usn-3963-1
========================

Updated packages in core/updates_testing:
========================
mga6:
memcached-1.5.16-1.mga6
memcached-devel-1.5.16-1.mga6
memcached-debuginfo-1.5.16-1.mga6

mga7:
memcached-1.5.16-1.mga7
memcached-devel-1.5.16-1.mga7
memcached-debugsource-1.5.16-1.mga7
memcached-debuginfo-1.5.16-1.mga7

Source RPMs:
memcached-1.5.16-1.mga6.src.rpm
memcached-1.5.16-1.mga7.src.rpm

Assignee: mageia => qa-bugs

David Walser 2019-08-11 22:57:59 CEST

CC: (none) => mageia
Version: Cauldron => 7
Whiteboard: MGA7TOO, MGA6TOO => MGA6TOO

