| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Nov 2013 19:22:00 +0100 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2013:280 ] memcached -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:280 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : memcached Date : November 22, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability was found and corrected in memcached: Memcached is vulnerable to a denial of service as it can be made to crash when it receives a specially crafted packet over the network (CVE-2011-4971). The updated packages for Enterprise Server 5 has beed patched to resolve this flaw. The updated packages for Business Server 1 has been upgraded to the 1.4.15 version and patched to resolve this flaw. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4971 https://code.google.com/p/memcached/issues/detail?id=192#c19 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 1fb72afece943cdd5955039dbc9a7634 mes5/i586/memcached-1.2.8-0.2mdvmes5.2.i586.rpm 25bc9b9e6d4280cdc10127859b7b3dc2 mes5/SRPMS/memcached-1.2.8-0.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 014b8f08b4a87a31104feeb3c954b522 mes5/x86_64/memcached-1.2.8-0.2mdvmes5.2.x86_64.rpm 25bc9b9e6d4280cdc10127859b7b3dc2 mes5/SRPMS/memcached-1.2.8-0.2mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 95f2df143a2db0d46c9ba1d8a42cc205 mbs1/x86_64/memcached-1.4.15-1.mbs1.x86_64.rpm efe0356522c0d60ed99a8cb3929f6985 mbs1/x86_64/memcached-devel-1.4.15-1.mbs1.x86_64.rpm daf15440663f314840b73144de85009e mbs1/SRPMS/memcached-1.4.15-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSj3TimqjQ0CJFipgRApFyAJ95Jp2AnJzjhcg62UogL4K7OOndGgCg4D2X d1wY3WgduR9aDbhToxSjPMs= =r7Ev -----END PGP SIGNATURE-----
Powered by blists - more mailing lists