SUSE-SU-2018:0778-1: important: Security update for memcached

sle-security-updates at sle-security-updates at
Thu Mar 22 10:27:53 MDT 2018

   SUSE Security Update: Security update for memcached

Announcement ID:    SUSE-SU-2018:0778-1
Rating:             important
References:         #1007869 #1007870 #1007871 #1056865 #798458 
                    #817781 #857188 #858676 #858677 
Cross-References:   CVE-2011-4971 CVE-2013-0179 CVE-2013-7239
                    CVE-2013-7290 CVE-2013-7291 CVE-2016-8704
                    CVE-2016-8705 CVE-2016-8706 CVE-2017-9951
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Enterprise Storage 4

   An update that fixes 9 vulnerabilities is now available.


   This update for memcached fixes the following issues:

   Security issues fixed:

   - CVE-2011-4971: remote DoS (bsc#817781).
   - CVE-2013-0179: DoS when printing out keys to be deleted in  verbose mode
   - CVE-2013-7239: SASL authentication allows wrong credentials to access
     memcache (bsc#857188).
   - CVE-2013-7290: remote DoS (segmentation fault) via a request to delete a
     key (bsc#858677).
   - CVE-2013-7291: remote DoS (crash) via a request that triggers "unbounded
     key print" (bsc#858676).
   - CVE-2016-8704: Server append/prepend remote code execution (bsc#1007871).
   - CVE-2016-8705: Server update remote code execution (bsc#1007870).
   - CVE-2016-8706: Server ASL authentication remote code execution
   - CVE-2017-9951: Heap-based buffer over-read in try_read_command function
     (incomplete fix for CVE-2016-8705) (bsc#1056865).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-529=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2018-529=1

Package List:

   - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):


   - SUSE Enterprise Storage 4 (aarch64 x86_64):



More information about the sle-security-updates mailing list