Important: memcached

2016-11-10T18:00:00
ID ALAS-2016-761
Type amazon
Reporter Amazon
Modified 2016-11-10T18:00:00

Description

Issue Overview:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8704, CVE-2016-8705)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in memcached's parsing of SASL authentication messages. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8706)

Affected Packages:

memcached

Issue Correction:
Run yum update memcached to update your system.

New Packages:

i686:  
    memcached-1.4.15-9.13.amzn1.i686  
    memcached-debuginfo-1.4.15-9.13.amzn1.i686  
    memcached-devel-1.4.15-9.13.amzn1.i686

src:  
    memcached-1.4.15-9.13.amzn1.src

x86_64:  
    memcached-1.4.15-9.13.amzn1.x86_64  
    memcached-devel-1.4.15-9.13.amzn1.x86_64  
    memcached-debuginfo-1.4.15-9.13.amzn1.x86_64
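
To confirm the correction has reached every host, the following added example (not part of the original advisory) compares collected package strings against the fixed build 1.4.15-9.13.amzn1 listed above. The host names, the inventory contents and the function names are constructed for illustration, and `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: flag hosts whose memcached build predates the fixed build
# listed in this advisory. Host names and the inventory are constructed.

FIXED_EVR="1.4.15-9.13.amzn1"   # version-release from "New Packages"

# Turn "memcached-1.4.15-9.13.amzn1.x86_64" into "1.4.15-9.13.amzn1".
evr_of() {
    evr=${1#memcached-}       # drop the package name
    printf '%s\n' "${evr%.*}" # drop the trailing .arch
}

# Succeeds when $1 is at or above FIXED_EVR. A plain string comparison would
# rank 1.4.5 above 1.4.15, so use sort -V (GNU version sort) as an
# approximation of RPM ordering; epochs are not handled.
is_patched() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_EVR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# Read "host package" lines on stdin, print hosts that still need the update.
audit_inventory() {
    while read -r host nvra; do
        [ -n "$host" ] || continue
        is_patched "$(evr_of "$nvra")" || printf '%s\n' "$host"
    done
}

# Constructed sample, in the shape of `rpm -q memcached` output per host.
SAMPLE_INVENTORY='cache-a memcached-1.4.15-9.12.amzn1.x86_64
cache-b memcached-1.4.15-9.13.amzn1.x86_64
cache-c memcached-1.4.15-9.13.amzn1.i686
cache-d memcached-1.4.5-1.4.amzn1.x86_64'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

On a live host, pass the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' memcached` to `is_patched`. A memcached process that was already running keeps the old binary in memory until the service is restarted after the update.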