Bug 1555064 (CVE-2018-1000127)
| Summary: | CVE-2018-1000127 memcached: Integer Overflow in items.c:item_free() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | apevec, chrisw, dffrench, drusso, hguemar, jjoyce, jmadigan, jorton, jschluet, jshepherd, kbasil, lgriffin, lhh, lindner, lpeer, markmc, matthias, mburns, mlichvar, ngough, pwright, rbryant, rrajasek, rschiron, sclewis, slinaber, tdecacqu, trepel |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | memcached 1.4.37 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-10 10:17:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1555065, 1557093, 1557286, 1557287, 1557646, 1557647, 1557648, 1557649 | ||
| Bug Blocks: | 1555067 | ||
|
Description
Laura Pardo
2018-03-13 22:05:27 UTC
Created memcached tracking bugs for this issue: Affects: openstack-rdo [bug 1555065] RHEL 6 is affected by this flaw, being subject to the integer overflow in items.c:item_free(), but items are not put back in the freelist if they are still used. However, it can cause memory leaks and, potentially, resource exhaustion. This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2018:2290 https://access.redhat.com/errata/RHSA-2018:2290 |