[Secure-testing-team] Bug#842814: memcached: CVE-2016-8706
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 1 13:08:44 UTC 2016
Source: memcached
Version: 1.4.31-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for memcached.
CVE-2016-8706[0]:
|Memcached Server SASL Autentication Remote Code Execution
|Vulnerability
It is easily reproducible with the TALOS reproducer when memcached
enabled SASL authentication and running under valgrind to see the
crash.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-8706
[1] http://www.talosintelligence.com/reports/TALOS-2016-0221/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list