Multiple integer overflows in the process_bin_update function, which is responsible for processing multiple commands of the memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.

External References: http://www.talosintelligence.com/reports/TALOS-2016-0220/
Upstream patch: https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
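The following C program is an added illustration of the length-arithmetic class behind this flaw; it is not the page's text and not the upstream patch (linked above), and it is not memcached's own code. It assumes only the public 24-byte memcached binary request header layout (key length at bytes 2-3, extras length at byte 4, total body length at bytes 8-11, all big-endian). The header bytes below are constructed samples. An update handler derives the value length as body length minus key and extras lengths; the unchecked form does that subtraction into a signed int, so a body length smaller than key+extras, or one close to 2^32, produces a negative length that is later used as an allocation size. The checked form performs the arithmetic in unsigned 32-bit and rejects both cases before any allocation happens.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BIN_HEADER_LEN 24

/* Fields of the memcached binary request header that a SET/ADD/REPLACE
 * handler uses to size the value. Only the fields needed here are decoded. */
typedef struct {
    uint16_t keylen;   /* bytes 2-3, big-endian */
    uint8_t  extlen;   /* byte 4 */
    uint32_t bodylen;  /* bytes 8-11, big-endian: extras + key + value */
} bin_req_header;

/* Decode the header from raw bytes. Returns false if the buffer is too short. */
static bool parse_header(const uint8_t *buf, size_t len, bin_req_header *h) {
    if (buf == NULL || h == NULL || len < BIN_HEADER_LEN) return false;
    h->keylen  = (uint16_t)(((uint16_t)buf[2] << 8) | buf[3]);
    h->extlen  = buf[4];
    h->bodylen = ((uint32_t)buf[8] << 24) | ((uint32_t)buf[9] << 16) |
                 ((uint32_t)buf[10] << 8) | (uint32_t)buf[11];
    return true;
}

/* Unchecked pattern: plain subtraction into a signed int. When bodylen is
 * smaller than key+extras, or near 2^32, the result wraps negative, and a
 * later "vlen + 2" allocation size (room for "\r\n") is no longer meaningful. */
static int value_len_unchecked(const bin_req_header *h) {
    int vlen = (int)(h->bodylen - (h->keylen + h->extlen));
    return vlen;
}

/* Checked pattern: unsigned 32-bit arithmetic, reject a body that cannot hold
 * the key and extras, and reject a value too large to add the two-byte
 * terminator without overflowing int. Returns false when the header is rejected. */
static bool value_len_checked(const bin_req_header *h, int *out) {
    uint32_t overhead = (uint32_t)h->keylen + (uint32_t)h->extlen; /* at most 65535 + 255 */
    if (h->bodylen < overhead) return false;
    uint32_t vlen = h->bodylen - overhead;
    if (vlen > (uint32_t)(INT_MAX - 2)) return false;
    *out = (int)vlen;
    return true;
}

/* Wrappers over raw bytes: checked_vlen_of returns -1 when the header is
 * rejected; unchecked_vlen_of returns whatever the unchecked arithmetic gives. */
int checked_vlen_of(const uint8_t *buf, size_t len) {
    bin_req_header h;
    int vlen;
    if (!parse_header(buf, len, &h)) return -1;
    return value_len_checked(&h, &vlen) ? vlen : -1;
}

int unchecked_vlen_of(const uint8_t *buf, size_t len) {
    bin_req_header h;
    if (!parse_header(buf, len, &h)) return -1;
    return value_len_unchecked(&h);
}

/* Constructed sample headers (not captured traffic): magic 0x80, opcode 0x01,
 * keylen 3, extlen 8 (key+extras = 11). BENIGN_HDR has bodylen 16 -> 5-byte value.
 * SHORT_HDR has bodylen 4, smaller than key+extras. OVERSIZED_HDR has bodylen
 * 0xFFFFFFFF. The checked path rejects the last two; the unchecked path goes negative. */
const uint8_t BENIGN_HDR[BIN_HEADER_LEN] = {
    0x80, 0x01, 0x00, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
const uint8_t SHORT_HDR[BIN_HEADER_LEN] = {
    0x80, 0x01, 0x00, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
const uint8_t OVERSIZED_HDR[BIN_HEADER_LEN] = {
    0x80, 0x01, 0x00, 0x03, 0x08, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};

int main(void) {
    const uint8_t *hdrs[] = { BENIGN_HDR, SHORT_HDR, OVERSIZED_HDR };
    const char *names[] = { "benign", "short", "oversized" };
    for (size_t i = 0; i < 3; i++) {
        printf("%-9s unchecked=%d checked=%d\n", names[i],
               unchecked_vlen_of(hdrs[i], BIN_HEADER_LEN),
               checked_vlen_of(hdrs[i], BIN_HEADER_LEN));
    }
    return 0;
}
```

The point of the checked form is that every rejection happens before the derived length reaches an allocator or a copy; the signed-to-unsigned wrap in the unchecked form is what turns a malformed header into an undersized heap buffer.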
Created memcached tracking bugs for this issue:
Affects: fedora-all [bug 1390513]
Affects: epel-5 [bug 1390514]
Mitigation: This flaw is in the memcached binary protocol. If your client programs only use the ASCII protocol when communicating with memcached, you can disable the binary protocol and protect against this flaw by adding "-B ascii" to OPTIONS in /etc/sysconfig/memcached.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:2820 https://rhn.redhat.com/errata/RHSA-2016-2820.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2819 https://rhn.redhat.com/errata/RHSA-2016-2819.html
Statement: The versions of memcached shipped with Red Hat OpenStack Platform 7, 8 and 9 are affected by this issue; however, they will not be updated. The latest version of memcached from Red Hat Enterprise Linux 7 can safely be allowed to supersede the earlier versions provided in the Red Hat OpenStack Platform channels.
This issue has been addressed in the following products: Red Hat Mobile Application Platform 4.2 Via RHSA-2017:0059 https://access.redhat.com/errata/RHSA-2017:0059