Bug 1594877 - Fix CVE-2017-9951, multiple bugfixes, performance enhancements
Status: CLOSED DUPLICATE of bug 1543405
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: memcached
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Miroslav Lichvar
QA Contact: qe-baseos-daemons
Depends On:
Blocks: CVE-2017-9951
Reported: 2018-06-25 15:25 UTC by James Boyle
Modified: 2018-07-31 07:02 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-07-31 07:02:52 UTC
Target Upstream Version:

System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1543405 'low' 'CLOSED' 'Much newer versions of memcached available' 2019-12-02 07:27:04 UTC

Description James Boyle 2018-06-25 15:25:36 UTC
Multiple bug fixes and performance improvements are available in recent versions of memcached.  Memcached included with rhel-7-server-rpms is version 1.4.15 and the release notes indicate it has not been updated since November 2016:
* Mon Nov 07 2016 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.4.15-10.el7_3.1

CVE-2017-9951 affects all versions prior to 1.4.39.

Recent versions also have better systemd integration and security improvements.

Here are a few items from the changelogs between 1.4.15 (version shipped in rhel-7-server-rpms) and 1.5.8 (released one month ago):

fix rare partial deadlock during hash table expansion
extstore: fix ref leak when using binary protocol with TOUCH,GAT,GATK
systemd instancing support & rpm build improvements
remove redundant counter/lock from hash table
quick fix for slab mover deadlock
fix null pointer ref in logger for bin update cmd
Drop sockets from obviously malicious command strings (HTTP/)
fix for CVE-2017-9951
fix LRU maintainer thread slowdown in edge case
fix rare long background thread pause in hash expansion
fix ordering issue in conn dispatch (prevents potential hangups)
fix refcount leak in LRU bump buf
Stop using atomics for item refcount management (performance)
Make the conn suffix list the same as item list (performance)
Do LRU-bumps while already holding item lock (performance)
Reduce add_iov() work for TCP connections (performance)
Fix cache_memlimit bug for > 4G values
metadump: ensure buffer is flushed to client before finishing
Number of small fixes/additions to new logging
add logging endpoint for LRU crawler
evicted_active counter for LRU maintainer
stop pushing NULL byte into watcher stream
Scale item hash locks more with more worker threads (minor performance)
Further increase systemd service hardening
Missing necessary header for atomic_inc_64_nv() used in logger.c (solaris)
Fix print format for idle timeout thread
Improve binary sasl security fixes
Fix clang compile error
Widen systemd caps to allow maxconns to increase
Add -X option to disable cachedump/metadump
Don't double free in lru_crawler on closed clients
Fix segfault if metadump client goes away

On several RHEL 7.5 systems running 1.4.15, I have noticed TCP CLOSE_WAIT conditions where memcached does not acknowledge and release the TCP socket back to the kernel.  I believe the bug fixes in the releases from 2017 to current would solve that problem.

Thank you!

Comment 2 James Boyle 2018-07-23 21:16:18 UTC
I didn't see that someone else made a related bug earlier: https://bugzilla.redhat.com/show_bug.cgi?id=1543405

Though, it doesn't explicitly call out CVE-2017-9951.

Comment 3 Miroslav Lichvar 2018-07-31 07:02:52 UTC
Ok, let's keep all requests for memcached rebase in one bug.

*** This bug has been marked as a duplicate of bug 1543405 ***
