memcached-1.4.15-10.el7.1

エラータID: AXSA:2016-957:03

Release date: 
Wednesday, November 23, 2016 - 12:52
Subject: 
memcached-1.4.15-10.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

memcached is a high-performance, distributed memory object caching
system, generic in nature, but intended for use in speeding up dynamic
web applications by alleviating database load.

Security issues fixed with this release:

CVE-2016-8704
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8705
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-8706
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-8704
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
CVE-2016-8705
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
CVE-2016-8706
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
Additional Info: 

N/A

Download: 

SRPMS
  1. memcached-1.4.15-10.el7.1.src.rpm
    MD5: 6358c244c7ffcf62d4421e790685e083
    SHA-256: 4acf32449688f4985423b60fc61a219fcbbec92648e8b839c396a5c4d901700b
    Size: 336.62 kB

Asianux Server 7 for x86_64
  1. memcached-1.4.15-10.el7.1.x86_64.rpm
    MD5: 02081a291bdabf234ae60d9273001b3c
    SHA-256: 05850948eb6237eae640aa01ffe412e9dfd7056769f75af0f18ffea7f35263ae
    Size: 84.15 kB