Mageia alert MGASA-2014-0018 (memcached)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2014-0018: Updated memcached package fixes multiple security vulnerabilities 
Date:
    	     
 
Tue, 21 Jan 2014 17:14:54 +0100
Message-ID:
    	     
 
<20140121161454.9DE615C367@valstar.mageia.org>
MGASA-2014-0018 - Updated memcached package fixes multiple security vulnerabilities

Publication date: 21 Jan 2014
URL: http://advisories.mageia.org/MGASA-2014-0018.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-0179,
     CVE-2013-7239,
     CVE-2013-7290,
     CVE-2013-7291

Description:
Updated memcached packages fix security vulnerability:

It was reported that SASL authentication could be bypassed due to a flaw
related to the managment of the SASL authentication state. With a specially
crafted request, a remote attacker may be able to authenticate with invalid
SASL credentials (CVE-2013-7239).

Multiple issues in memcached before 1.4.17 which allow remote attackers to
cause a denial of service by sending a request that causes a crash when
memcached is running in verbose mode (CVE-2013-0179, CVE-2013-7290,
CVE-2013-7291).

References:
- http://www.debian.org/security/2014/dsa-2832
- https://bugs.mageia.org/show_bug.cgi?id=12156
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0179
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7239
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7290
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7291

SRPMS:
- 3/core/memcached-1.4.17-1.mga3