Univention Bugzilla – Bug 42836
memcached: Multiple issues (4.1)
Last modified: 2016-12-01 11:57:27 CET
The following issues have been reported for memcached: * Server append/prepend remote code execution (CVE-2016-8704) * Server update remote code execution (CVE-2016-8705) * SASL authentication remote code execution (CVE-2016-8706) Patches available, Debian update pending. CVE-2016-8704: 6.5 Medium (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) CVE-2016-8705: 7.0 High (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
Package rebuilt in errata4.1-4 with backported patch from Debian Jessie. Advisory: memcached.yaml
OK: package build *** 1.4.13-0.2.8.201611032001 0 500 http://omar.knut.univention.de/build2/ ucs_4.1-0-errata4.1-4/amd64/ Packages OK: zgrep -C 4 -e CVE-2016-8704 -e CVE-2016-8705 -e CVE-2016-8706 /usr/share/doc/memcached/changelog.Debian.gz OK: YAML OK: functionality # socat unix-connect:/var/run/univention-saml/memcached.socket stdin version VERSION 1.4.13 OK: contains patch: The following patches will be applied: 08_CVE-2016-8704_8705_8706.quilt Applying patch 08_CVE-2016-8704_8705_8706.quilt Output of the patch process: OK"
<http://errata.software-univention.de/ucs/4.1/335.html>