You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa memcached

Sigurnosni nedostaci programskog paketa memcached

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2080-1
January 13, 2014

memcached vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 13.04
– Ubuntu 12.10
– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Memcached.

Software Description:
– memcached: A high-performance memory object caching system

Details:

Stefan Bucur discovered that Memcached incorrectly handled certain large
body lengths. A remote attacker could use this issue to cause Memcached to
crash, resulting in a denial of service. (CVE-2011-4971)

Jeremy Sowden discovered that Memcached incorrectly handled logging certain
details when the -vv option was used. An attacker could use this issue to
cause Memcached to crash, resulting in a denial of service. (CVE-2013-0179)

It was discovered that Memcached incorrectly handled SASL authentication.
A remote attacker could use this issue to bypass SASL authentication
completely. This issue only affected Ubuntu 12.10, Ubuntu 13.04 and Ubuntu
13.10. (CVE-2013-7239)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
memcached 1.4.14-0ubuntu4.1

Ubuntu 13.04:
memcached 1.4.14-0ubuntu1.13.04.1

Ubuntu 12.10:
memcached 1.4.14-0ubuntu1.12.10.1

Ubuntu 12.04 LTS:
memcached 1.4.13-0ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2080-1
CVE-2011-4971, CVE-2013-0179, CVE-2013-7239

Package Information:
https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu4.1
https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu1.13.04.1
https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu1.12.10.1
https://launchpad.net/ubuntu/+source/memcached/1.4.13-0ubuntu2.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJS1D+vAAoJEGVp2FWnRL6TN4YQAI2nO1RlfbD7W3K+JAFYzV9x
hVlrY2Ek+C5if+vfhCt1M0nHIyYbetWSTp3HRrrnH6eAKrEOnkGI9AKHNFHomF1M
KE6gUpEGg6jQUwIqz8apVMoqRbBxMrXOOw0cCKEMfjklzx9OyQ5ecvevz32c9nDX
TW34IZoOjCru/y4dpWNFLJRVU6zU1x6cHBoIHfbJqSJsceU+T2E858Rfmnhc4/qk
P+H2bHYBkpUVcyf504TaN8bKB8mvLr317c9Heg4vuXHsV1+vD+Q4IYw2oIYnXuIj
FbnZF86RS9sRQh3dXGtQCB6fCTHsGCP1MS3i9xpbZ09I9V4p8cCSM1G5zT7COghx
323IhPzqzphJ6PFCQ+e5gr7hhshNc1un0vMaANj/w5BhmVFJ0iXHK8AmDpOr9BkB
GhdMOhaJzSw74xWJWbEe6lK2V1DFGXT7OijiFTlbyOqDMkUZ+cqfBsHpzgNvwsLH
Lk/3x+IethzKsamy8CgCEiwaGGRZogNtq6Or//21FzKCRH9eNC5zbdYOlDbqlDtp
n5F++CrC0zEZv5dssFy6bLzp+2GnG18bXZWQaA7rpcdSuJi5ItsD65irROgCCcH6
Ew/u2LjZ4ftfQePjSgcZt/WsEftMwze/STQf0GyEanSooUtnK3jNcU5sDnNoUszn
NeyRf62DVOTK384J6tia
=/kZ5
—–END PGP SIGNATURE—–

AutorMarko Stanec
Cert idNCERT-REF-2014-01-0015-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa graphviz

Otkriveni su sigurnosni nedostaci u programskom paketu graphviz. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog koda ili izvođenje napada...

Close