- Issued:
- 2016-11-23
- Updated:
- 2016-11-23
RHSA-2016:2820 - Security Advisory
Synopsis
Important: memcached security update
Type/Severity
Security Advisory: Important
Topic
An update for memcached is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.
Security Fix(es):
- Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8704, CVE-2016-8705)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Fixes
- BZ - 1390510 - CVE-2016-8704 memcached: Server append/prepend remote code execution
- BZ - 1390511 - CVE-2016-8705 memcached: Server update remote code execution
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| memcached-1.4.4-3.el6_8.1.src.rpm | SHA-256: 72bfdc81f71f422cb9f33ff0ccdb11f3adb74380a3ff4bd56a613da99827f899 |
| x86_64 | |
| memcached-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 3f065adf2f19596092dbaaf2f8a764c5d0870c4afc85cb8766fd0234c0c78bbc |
| memcached-debuginfo-1.4.4-3.el6_8.1.i686.rpm | SHA-256: efe00866ceaa19eb7a57bbc690fc496f3e2edfc6feb55a4402cefa9f86d10fb4 |
| memcached-debuginfo-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 457bbf8d1e6c69a02e5f27febe2e8ed88ddf1ed72ccff391f331812f46a73f67 |
| memcached-debuginfo-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 457bbf8d1e6c69a02e5f27febe2e8ed88ddf1ed72ccff391f331812f46a73f67 |
| memcached-devel-1.4.4-3.el6_8.1.i686.rpm | SHA-256: b770ca904ffc28707eb7d0d64e9591632cb521128fd17137c0cca7db92a0011c |
| memcached-devel-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 35be89cb34dff48dd77d62365869c0c341d312fb8ad9c33849f86803986c2c59 |
| i386 | |
| memcached-1.4.4-3.el6_8.1.i686.rpm | SHA-256: 6eb48e7ef95aa5d4361ef00dc62cc581eba9f460514b16f5d4ef838e0894675a |
| memcached-debuginfo-1.4.4-3.el6_8.1.i686.rpm | SHA-256: efe00866ceaa19eb7a57bbc690fc496f3e2edfc6feb55a4402cefa9f86d10fb4 |
| memcached-debuginfo-1.4.4-3.el6_8.1.i686.rpm | SHA-256: efe00866ceaa19eb7a57bbc690fc496f3e2edfc6feb55a4402cefa9f86d10fb4 |
| memcached-devel-1.4.4-3.el6_8.1.i686.rpm | SHA-256: b770ca904ffc28707eb7d0d64e9591632cb521128fd17137c0cca7db92a0011c |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| memcached-1.4.4-3.el6_8.1.src.rpm | SHA-256: 72bfdc81f71f422cb9f33ff0ccdb11f3adb74380a3ff4bd56a613da99827f899 |
| x86_64 | |
| memcached-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 3f065adf2f19596092dbaaf2f8a764c5d0870c4afc85cb8766fd0234c0c78bbc |
| memcached-debuginfo-1.4.4-3.el6_8.1.i686.rpm | SHA-256: efe00866ceaa19eb7a57bbc690fc496f3e2edfc6feb55a4402cefa9f86d10fb4 |
| memcached-debuginfo-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 457bbf8d1e6c69a02e5f27febe2e8ed88ddf1ed72ccff391f331812f46a73f67 |
| memcached-debuginfo-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 457bbf8d1e6c69a02e5f27febe2e8ed88ddf1ed72ccff391f331812f46a73f67 |
| memcached-devel-1.4.4-3.el6_8.1.i686.rpm | SHA-256: b770ca904ffc28707eb7d0d64e9591632cb521128fd17137c0cca7db92a0011c |
| memcached-devel-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 35be89cb34dff48dd77d62365869c0c341d312fb8ad9c33849f86803986c2c59 |
| i386 | |
| memcached-1.4.4-3.el6_8.1.i686.rpm | SHA-256: 6eb48e7ef95aa5d4361ef00dc62cc581eba9f460514b16f5d4ef838e0894675a |
| memcached-debuginfo-1.4.4-3.el6_8.1.i686.rpm | SHA-256: efe00866ceaa19eb7a57bbc690fc496f3e2edfc6feb55a4402cefa9f86d10fb4 |
| memcached-debuginfo-1.4.4-3.el6_8.1.i686.rpm | SHA-256: efe00866ceaa19eb7a57bbc690fc496f3e2edfc6feb55a4402cefa9f86d10fb4 |
| memcached-devel-1.4.4-3.el6_8.1.i686.rpm | SHA-256: b770ca904ffc28707eb7d0d64e9591632cb521128fd17137c0cca7db92a0011c |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| memcached-1.4.4-3.el6_8.1.src.rpm | SHA-256: 72bfdc81f71f422cb9f33ff0ccdb11f3adb74380a3ff4bd56a613da99827f899 |
| x86_64 | |
| memcached-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 3f065adf2f19596092dbaaf2f8a764c5d0870c4afc85cb8766fd0234c0c78bbc |
| memcached-debuginfo-1.4.4-3.el6_8.1.i686.rpm | SHA-256: efe00866ceaa19eb7a57bbc690fc496f3e2edfc6feb55a4402cefa9f86d10fb4 |
| memcached-debuginfo-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 457bbf8d1e6c69a02e5f27febe2e8ed88ddf1ed72ccff391f331812f46a73f67 |
| memcached-devel-1.4.4-3.el6_8.1.i686.rpm | SHA-256: b770ca904ffc28707eb7d0d64e9591632cb521128fd17137c0cca7db92a0011c |
| memcached-devel-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 35be89cb34dff48dd77d62365869c0c341d312fb8ad9c33849f86803986c2c59 |
| i386 | |
| memcached-1.4.4-3.el6_8.1.i686.rpm | SHA-256: 6eb48e7ef95aa5d4361ef00dc62cc581eba9f460514b16f5d4ef838e0894675a |
| memcached-debuginfo-1.4.4-3.el6_8.1.i686.rpm | SHA-256: efe00866ceaa19eb7a57bbc690fc496f3e2edfc6feb55a4402cefa9f86d10fb4 |
| memcached-devel-1.4.4-3.el6_8.1.i686.rpm | SHA-256: b770ca904ffc28707eb7d0d64e9591632cb521128fd17137c0cca7db92a0011c |
Red Hat Enterprise Linux for IBM z Systems 6
| SRPM | |
|---|---|
| memcached-1.4.4-3.el6_8.1.src.rpm | SHA-256: 72bfdc81f71f422cb9f33ff0ccdb11f3adb74380a3ff4bd56a613da99827f899 |
| s390x | |
| memcached-1.4.4-3.el6_8.1.s390x.rpm | SHA-256: f6b0c7445995acd2926186314c90de5c36399f1da0db5244cd92eb80383c17b8 |
| memcached-debuginfo-1.4.4-3.el6_8.1.s390.rpm | SHA-256: 74f401b58c769747841d8b15c9d1f7d91f74d1dad0210f6b5464505242b194bd |
| memcached-debuginfo-1.4.4-3.el6_8.1.s390x.rpm | SHA-256: d4153d0f1ea9b13d2efc7d0c995ffd448b06d41a03162bea082cd48745e5696f |
| memcached-debuginfo-1.4.4-3.el6_8.1.s390x.rpm | SHA-256: d4153d0f1ea9b13d2efc7d0c995ffd448b06d41a03162bea082cd48745e5696f |
| memcached-devel-1.4.4-3.el6_8.1.s390.rpm | SHA-256: 43e94587dc41ed96980cc4ccdfc4e190c101016af9e32b8dedf46b6d6ba10596 |
| memcached-devel-1.4.4-3.el6_8.1.s390x.rpm | SHA-256: 090e982814cc66a2bab81d45d882e75ed82e56e882549ca862526c776188216e |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| memcached-1.4.4-3.el6_8.1.src.rpm | SHA-256: 72bfdc81f71f422cb9f33ff0ccdb11f3adb74380a3ff4bd56a613da99827f899 |
| ppc64 | |
| memcached-1.4.4-3.el6_8.1.ppc64.rpm | SHA-256: c7bf10db1e72d8e85b7fc55598a5ef42da1c85b479549771ce3836d5e3cfed64 |
| memcached-debuginfo-1.4.4-3.el6_8.1.ppc.rpm | SHA-256: 023a883cb0456ca03ea27216caba22ba85bbf468a6c3ff98512056074da53121 |
| memcached-debuginfo-1.4.4-3.el6_8.1.ppc64.rpm | SHA-256: 6cbd0f263b9994e5d0681514a972380e07c0463ac3f617fde5bd49e7d3670169 |
| memcached-debuginfo-1.4.4-3.el6_8.1.ppc64.rpm | SHA-256: 6cbd0f263b9994e5d0681514a972380e07c0463ac3f617fde5bd49e7d3670169 |
| memcached-devel-1.4.4-3.el6_8.1.ppc.rpm | SHA-256: ca3b58519c9e3a0af1ffef802280e301734160fce05e7e6ea6d7eb649578d5a1 |
| memcached-devel-1.4.4-3.el6_8.1.ppc64.rpm | SHA-256: 1ba5fbe366332c29456ab3b576e8852d06a656f046455566e036579fb2c8794e |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| memcached-1.4.4-3.el6_8.1.src.rpm | SHA-256: 72bfdc81f71f422cb9f33ff0ccdb11f3adb74380a3ff4bd56a613da99827f899 |
| x86_64 | |
| memcached-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 3f065adf2f19596092dbaaf2f8a764c5d0870c4afc85cb8766fd0234c0c78bbc |
| memcached-debuginfo-1.4.4-3.el6_8.1.i686.rpm | SHA-256: efe00866ceaa19eb7a57bbc690fc496f3e2edfc6feb55a4402cefa9f86d10fb4 |
| memcached-debuginfo-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 457bbf8d1e6c69a02e5f27febe2e8ed88ddf1ed72ccff391f331812f46a73f67 |
| memcached-devel-1.4.4-3.el6_8.1.i686.rpm | SHA-256: b770ca904ffc28707eb7d0d64e9591632cb521128fd17137c0cca7db92a0011c |
| memcached-devel-1.4.4-3.el6_8.1.x86_64.rpm | SHA-256: 35be89cb34dff48dd77d62365869c0c341d312fb8ad9c33849f86803986c2c59 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.