Topic: [RH6] important memcached security update (CVE-2016-8704, CVE-2016-870

Hello,

There was an important memcached security update made on 23.11.2016:

Security Fix(es):

* Two integer overflow flaws, leading to heap-based buffer overflows, were found
in the memcached binary protocol. An attacker could create a specially crafted
message that would cause the memcached server to crash or, potentially, execute
arbitrary code. (CVE-2016-8704, CVE-2016-8705)

You can find complete details at the following address: https://rhn.redhat.com/errata/RHSA-2016-2820.html.

When do you think you will have an update for the memcache package?

Thank you for your work!
Raluca

Re: [RH6] important memcached security update (CVE-2016-8704, CVE-2016-870

memcached 1.4.33 has been available in the repo since it was released and since these vulnerabilities are public.

Desktop: Fedora 25 x86_64 + rpmfusion + remi-test + remi-dev
Laptop:  Fedora 26 x86_64 + remi (SCL only)
Hosting Server: CentOS 6.9 x86_64 + EPEL + remi + remi-php70

Re: [RH6] important memcached security update (CVE-2016-8704, CVE-2016-870

Great! It was not clear from the change-log if that package contained the fix or not.

Thank you!