-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : memcached Version : 1.4.13-0.2+deb7u3 CVE ID : CVE-2017-9951 Debian Bug : #868701
It was discovered that there was a remote denial-of-service (DoS) vulnerability in memcached, a high-performance memory object caching system. The try_read_command function allowed remote attackers to cause a DoS via a request to add/set a key that makes a comparison between a signed and unsigned integer which triggered a heap-based buffer over-read. This vulnerability existed due to an incomplete upstream fix for CVE-2016-8705. For Debian 7 "Wheezy", this issue has been fixed in memcached version 1.4.13-0.2+deb7u3. We recommend that you upgrade your memcached packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllwcuUACgkQHpU+J9Qx HlgELhAAp2XzLI+9ZDEzEcM1iIwWClq+aSGclB57gq8p2/q5kntdbqRjod/ITPpl GBZSG70fSPHDAvP1GMIYUpdypXYN2PvqOr5s9tWgedcHUI95G4UgtDx7MuTL1+pU NeVL+/NB5Hv9+3uCwRu6Ot4qaSdNUAffNDw1fv7sxAiZVe1t8WZqIbATqPoDJ2y/ FRuK7f9PpqCxBpioQhekMRaZv4cofkh8N0Jgj7hCZQZUldUjvud3rwFc4H45N3zp zV4d3s3EVLMViJGL7et8Csaz6W46YYOq/EkU0az9Yw9QY1yGVVnvI1N2tni+jcRw Gsa41Z9+nlDOcN2fAkQwDBBbdIoAte0wRjdE28kzX7m5wrtg7s1OnjXCZj3iz5Cy hcwHjeNxVOPbWf1Cfmgg/p08H712kwnRDy2LMpJlD9LvmFRz0IDHFCvK0Ft81DYf OrKOVJpHX+pBKFge3KsaXelgjOxTh1hQp6Ta3/JduP3nMW3NuRTVjCnuqYZDd8wF VN9BvpWh2gKYDq44tXAq3kcloqGR1YnSOwrtqojBklAxg0uteJDkReT1vKQ7GwyP ud34iIoL2TKgK63YZ8fdwMiw6yHiv0Ves+HZT+K7o1bBaLyOcBh7OQPlKCHMjCRh rndw9/p1k/W21cJx+qsrpCu9Rfuu5LOJ/MoFyGh5JzQFlMg7E/M= =ugyH -----END PGP SIGNATURE-----