Topic: [RH6] important memcached security update (CVE-2016-8704, CVE-2016-870

Hello,

There was an important memcached security update made on 23.11.2016:

Security Fix(es):

* Two integer overflow flaws, leading to heap-based buffer overflows, were found
in the memcached binary protocol. An attacker could create a specially crafted
message that would cause the memcached server to crash or, potentially, execute
arbitrary code. (CVE-2016-8704, CVE-2016-8705)

You can find complete details at the following address: https://rhn.redhat.com/errata/RHSA-2016-2820.html.

When do you think you will have an update for the memcache package?

Thank you for your work!
Raluca

Re: [RH6] important memcached security update (CVE-2016-8704, CVE-2016-870

memcached 1.4.33 has been available in the repo since it was released and since these vulnerabilities became public.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: [RH6] important memcached security update (CVE-2016-8704, CVE-2016-870

Great! It was not clear from the change-log if that package contained the fix or not.

Thank you!