[SECURITY] Fedora 19 Update: memcached-1.4.17-1.fc19

updates at fedoraproject.org updates at fedoraproject.org
Mon Feb 3 02:49:19 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-0934
2014-01-16 05:26:12
--------------------------------------------------------------------------------

Name        : memcached
Product     : Fedora 19
Version     : 1.4.17
Release     : 1.fc19
URL         : http://www.memcached.org/
Summary     : High Performance, Distributed Memory Object Cache
Description :
memcached is a high-performance, distributed memory object caching
system, generic in nature, but intended for use in speeding up dynamic
web applications by alleviating database load.

--------------------------------------------------------------------------------
Update Information:

This is an update to the latest upstream release. It fixes several security vulnerabilities, possible crashes when the key is printed in verbose mode and crash with specially crafted packet. (CVE-2011-4971, CVE-2013-0179, CVE-2013-7291 CVE-2013-7290)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 15 2014 Miroslav Lichvar <mlichvar at redhat.com> - 0:1.4.17-1
- update to 1.4.17
- fix building with -Werror=format-security in CFLAGS
* Wed Aug  7 2013 Miroslav Lichvar <mlichvar at redhat.com> - 0:1.4.15-7
- buildrequire systemd-units (#992221)
- update memcached man page
- add memcached-tool man page
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0:1.4.15-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar at redhat.com> - 0:1.4.15-5
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #895054 - CVE-2013-0179 memcached: DoS due to buffer overrun when printing out keys to be deleted in verbose mode
        https://bugzilla.redhat.com/show_bug.cgi?id=895054
  [ 2 ] Bug #957964 - CVE-2011-4971 memcached: specially crafted packet segmentation fault
        https://bugzilla.redhat.com/show_bug.cgi?id=957964
  [ 3 ] Bug #1052863 - CVE-2013-7290 memcached: remote DoS (segmentation fault) via a request to delete a key
        https://bugzilla.redhat.com/show_bug.cgi?id=1052863
  [ 4 ] Bug #1052864 - CVE-2013-7291 memcached: remote DoS (crash) via a request that triggers "unbounded key print"
        https://bugzilla.redhat.com/show_bug.cgi?id=1052864
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update memcached' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list