Bug 516489 (CVE-2009-2415)
Summary: | CVE-2009-2415 memcached: heap-based buffer overflow | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED CURRENTRELEASE | Severity: | medium
Priority: | medium | Version: | unspecified
CC: | lindner, matthias, ruben, tcallawa, vdanen | Keywords: | Security
Hardware: | All | OS: | Linux
Doc Type: | Bug Fix | Last Closed: | 2012-02-07 06:06:13 UTC
Bug Depends On: | 542057, 542058 | |

Description
Tomas Hoger
2009-08-10 07:53:24 UTC
Created attachment 356858
Debian patch for 1.2.2 (from DSA-1853-1)

Patch extracted from Debian update for 1.2.2.

Upstream fix for 1.2.8 should be this:
http://consoleninja.net/code/memcached/memcached-1.2.8_proper_vlen_fix.patch

dormando will create a 1.2.9 that contains 1.2.8+this patch

I'll spin out a new 1.2.9 version.

I'm assuming that 1.4.0 has this fix since 1.2.9 was supposed to have this fix (hard to tell since the ChangeLog file is not up to date). However, Fedora 10 and 11 still have the 1.2.8 version. Where is the 1.2.9 version promised in comment #2?

memcached-1.2.8-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.