Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Ubuntu 12.10, 13.04, 13.10: USN-2080-1 Moderate: Memcached DoS

Calendar Jan 13, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service patch system update ubuntu memcached
Several security issues were fixed in Memcached. 
=========================================================================Ubuntu Security Notice USN-2080-1
January 13, 2014

memcached vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Memcached.

Software Description:
- memcached: A high-performance memory object caching system

Details:

Stefan Bucur discovered that Memcached incorrectly handled certain large
body lengths. A remote attacker could use this issue to cause Memcached to
crash, resulting in a denial of service. (CVE-2011-4971)

Jeremy Sowden discovered that Memcached incorrectly handled logging certain
details when the -vv option was used. An attacker could use this issue to
cause Memcached to crash, resulting in a denial of service. (CVE-2013-0179)

It was discovered that Memcached incorrectly handled SASL authentication.
A remote attacker could use this issue to bypass SASL authentication
completely. This issue only affected Ubuntu 12.10, Ubuntu 13.04 and Ubuntu
13.10. (CVE-2013-7239)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  memcached                       1.4.14-0ubuntu4.1

Ubuntu 13.04:
  memcached                       1.4.14-0ubuntu1.13.04.1

Ubuntu 12.10:
  memcached                       1.4.14-0ubuntu1.12.10.1

Ubuntu 12.04 LTS:
  memcached                       1.4.13-0ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2080-1
  CVE-2011-4971, CVE-2013-0179, CVE-2013-7239

Package Information:
  https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu4.1
  https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu1.13.04.1
  https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu1.12.10.1
  https://launchpad.net/ubuntu/+source/memcached/1.4.13-0ubuntu2.1

Ubuntu 12.10, 13.04, 13.10: USN-2080-1 Moderate: Memcached DoS

ubuntu
Calendar Grey January 13, 2014
Dist Ubuntu Esm H88
Numerous vulnerabilities addressed in memcached impacting various Ubuntu versions. Remain vigilant regarding potential risks.
Several security issues were fixed in Memcached.

Summary

Topics%20covered

Topics Covered

security advisory denial of service patch system update ubuntu memcached

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: memcached 1.4.14-0ubuntu4.1 Ubuntu 13.04: memcached 1.4.14-0ubuntu1.13.04.1 Ubuntu 12.10: memcached 1.4.14-0ubuntu1.12.10.1 Ubuntu 12.04 LTS: memcached 1.4.13-0ubuntu2.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2080-1

CVE-2011-4971, CVE-2013-0179, CVE-2013-7239

Severity
important
Lowest
Low
Medium
High
Critical

January 13, 2014

Topics%20covered

Topics Covered

security advisory denial of service patch system update ubuntu memcached

Package Information

https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu4.1 https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu1.13.04.1 https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu1.12.10.1 https://launchpad.net/ubuntu/+source/memcached/1.4.13-0ubuntu2.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here