Bug 1594877 - Fix CVE-2017-9951, multiple bugfixes, performance enhancements
Summary: Fix CVE-2017-9951, multiple bugfixes, performance enhancements
Keywords:
Status: CLOSED DUPLICATE of bug 1543405
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: memcached
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: rc
Target Release: ---
Assignee: Miroslav Lichvar
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks: CVE-2017-9951
Reported: 2018-06-25 15:25 UTC by James Boyle
Modified: 2018-07-31 07:02 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-07-31 07:02:52 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1543405 0 low CLOSED Much newer versions of memcached available 2022-03-13 14:41:41 UTC

Description James Boyle 2018-06-25 15:25:36 UTC
Multiple bug fixes and performance improvements are available in recent versions of memcached.  Memcached included with rhel-7-server-rpms is version 1.4.15 and the release notes indicate it has not been updated since November 2016:
* Mon Nov 07 2016 Miroslav Lichvar <mlichvar> - 0:1.4.15-10.el7_3.1

CVE-2017-9951 affects all versions prior to 1.4.39.

Recent versions also have better systemd integration and security improvements.

Here are a few items from the changelogs between 1.4.15 (version shipped in rhel-7-server-rpms) and 1.5.8 (released one month ago):

fix rare partial deadlock during hash table expansion
extstore: fix ref leak when using binary protocol with TOUCH,GAT,GATK
systemd instancing support & rpm build improvements
remove redundant counter/lock from hash table
quick fix for slab mover deadlock
fix null pointer ref in logger for bin update cmd
Drop sockets from obviously malicious command strings (HTTP/)
fix for CVE-2017-9951
fix LRU maintainer thread slowdown in edge case
fix rare long background thread pause in hash expansion
fix ordering issue in conn dispatch (prevents potential hangups)
fix refcount leak in LRU bump buf
Stop using atomics for item refcount management (performance)
Make the conn suffix list the same as item list (performance)
Do LRU-bumps while already holding item lock (performance)
Reduce add_iov() work for TCP connections (performance)
Fix cache_memlimit bug for > 4G values
metadump: ensure buffer is flushed to client before finishing
Number of small fixes/additions to new logging
add logging endpoint for LRU crawler
evicted_active counter for LRU maintainer
stop pushing NULL byte into watcher stream
Scale item hash locks more with more worker threads (minor performance)
Further increase systemd service hardening
Missing necessary header for atomic_inc_64_nv() used in logger.c (solaris)
Fix print format for idle timeout thread
Improve binary sasl security fixes
Fix clang compile error
Widen systemd caps to allow maxconns to increase
Add -X option to disable cachedump/metadump
Don't double free in lru_crawler on closed clients
Fix segfault if metadump client goes away

On several RHEL 7.5 systems running 1.4.15, I have noticed TCP CLOSE_WAIT conditions where memcached does not acknowledge and release the TCP socket back to the kernel.  I believe the bug fixes in the releases from 2017 to current would solve that problem.

Thank you!
--James

Comment 2 James Boyle 2018-07-23 21:16:18 UTC
I didn't see that someone else made a related bug earlier: https://bugzilla.redhat.com/show_bug.cgi?id=1543405

Though, it doesn't explicitly call out CVE-2017-9951

Comment 3 Miroslav Lichvar 2018-07-31 07:02:52 UTC
Ok, let's keep all requests for memcached rebase in one bug.

*** This bug has been marked as a duplicate of bug 1543405 ***

