Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 581113 - (CVE-2010-1152) CVE-2010-1152 memcached (v1.2.8): Remote denial of service (excessive memory use, hang / crash)
CVE-2010-1152 memcached (v1.2.8): Remote denial of service (excessive memory ...
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
http://code.google.com/p/memcached/is...
impact=moderate,source=oss-security,r...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-04-10 05:21 EDT by Jan Lieskovsky
Modified: 2015-07-31 02:26 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-02-07 01:05:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jan Lieskovsky 2010-04-10 05:21:16 EDT 
A deficiency was found:
  [1] http://code.google.com/p/memcached/issues/detail?id=102

in the way memcached processed received TCP data. A remote
attacker could use this flaw to cause denial of service (excessive
use of memory, server hang or crash).

Upstream patches:
  [3] http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9
  [4] http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719

References:
  [4] http://secunia.com/advisories/39306/
Comment 1 Jan Lieskovsky 2010-04-10 05:22:10 EDT 
This issue affects the versions of memcached package,
as shipped with Fedora release of 11.

Please fix.
Comment 2 Paul Lindner 2010-04-11 20:50:31 EDT 
I'm a bit busy at the moment, I won't be able to spin off a 1.4.5 release for F-11 for a little while.  That said this is a very minor issue as security issues go...
Comment 3 Paul Lindner 2012-02-07 01:05:19 EST 
closed, 1.4.10 is latest release.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.