-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : memcached Version : 1.4.13-0.2+deb7u2 CVE ID : CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 Debian Bug : 735314 842811 842812 842814
Multiple vulnerabilites have been found in memcached, a high-performance memory object caching system. A remote attacker could take advantage of these flaws to cause a denial of service (daemon crash), or potentially to execute arbitrary code. CVE-2013-7291 It was discovered that memcached, when running in verbose mode, can be crashed by sending carefully crafted requests that trigger an unbounded key print, resulting in a daemon crash. CVE-2016-8704, CVE-2016-8705, CVE-2016-8706 Aleksandar Nikolic of Cisco Talos found several vulnerabilities in memcached. A remote attacker could cause an integer overflow by sending carefully crafted requests to the memcached server, resulting in a daemon crash. For Debian 7 "Wheezy", these problems have been fixed in version 1.4.13-0.2+deb7u2. We recommend that you upgrade your memcached packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -----BEGIN PGP SIGNATURE----- iQItBAEBCAAXBQJYHfNHEBxtZWpvQGRlYmlhbi5vcmcACgkQUmLn/0kQSf7UHhAA pFRDqdRib5BN2ZlzaEUNJIdwqHBFpnS6CD8j153WkBasbBGonhc5MqzsoT+1Ll3I M7q/sgnXqpQg7VBuX1rXFKA04IcmQpyBFvsLiqDZ8fyzMn0+qtzG3ezU6Kan72T5 sUb42PZll+jJv3ci8tRUAkYhI+TbVtzqqwbrKK2A2cKfZvYLVe2GR0LRKg0Zo5T0 pbB+Mb7q73pBmpZAnxBA17wf/UFiboGpgB27m0AMJlA4V/Hd2WhY/3+RFRyLR+nm FL1tDt9pGwXj4BWAi4p95iZbfQULzncCqsJTcBgyTbmK5NXwmaL+x432cAY9uULd H2ipPTI5SevDKGKkN+ruEzNnMrOkAICc5r27IIPfFmsHZzZLqyNWAw3Ysr1v05IL Uqn+bBv1gHpqZlDzjHSppMGuCvGk0ZiU5A7M113H2HPY668w8zbk+lIhr9yzNFXl xFwRdRDs2omgEDUGnH0tifbWdH8lABPTWaBrrJwPRHxugLbR2Snmp7Mj1gKtuDYI MgeLvmhOvJCI+btGgaV19VxgcWiAJ9JOVqo0CnTpdQlmainiNMWHr7nS8ZZBVMKM CInf/RUMbYS1Kgy2mXVPwM7I24ORb2b4Qsh879M7mEIEtJJLM3+blXA8SztACAMf Czq4q/GHbGgDm82tKC5baDAdRT95VKTirqFk4c9Um+A= =tEFB -----END PGP SIGNATURE-----