Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 685866 (CVE-2019-11596) - <net-misc/memcached-1.5.14: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service (CVE-2019-11596)
Summary: <net-misc/memcached-1.5.14: null-pointer dereference in "lru mode" and "lru t...
Status: RESOLVED FIXED
Alias: CVE-2019-11596
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-13 15:51 UTC by GLSAMaker/CVETool Bot
Modified: 2019-08-15 21:08 UTC (History)
2 users (show)

See Also:
Package list:
net-misc/memcached-1.5.14 alpha arm ia64 ppc ppc64 s390 sparc
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-05-13 15:51:18 UTC 
CVE-2019-11596 (https://nvd.nist.gov/vuln/detail/CVE-2019-11596):
  In memcached before 1.5.14, a NULL pointer dereference was found in the "lru
  mode" and "lru temp_ttl" commands. This causes a denial of service when
  parsing crafted lru command messages in process_lru_command in memcached.c.
Comment 1 Larry the Git Cow gentoo-dev 2019-05-13 16:02:39 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=366ec482a0bbb0727d4a622b8182e9ba45c05ae5

commit 366ec482a0bbb0727d4a622b8182e9ba45c05ae5
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2019-05-13 16:01:51 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2019-05-13 16:02:27 +0000

    net-misc/memcached: stablize amd64/x86
    
    Bug: https://bugs.gentoo.org/685866
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>

 net-misc/memcached/memcached-1.5.14.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Rolf Eike Beer archtester 2019-05-14 08:26:33 UTC 
sparc stable
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2019-05-22 08:13:44 UTC 
ia64 stable
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-05-23 13:18:52 UTC 
arm stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2019-05-25 07:58:31 UTC 
ppc stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2019-05-25 08:03:35 UTC 
ppc64 stable
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-05-25 08:17:52 UTC 
s390 stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-06-06 06:49:40 UTC 
alpha stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 Larry the Git Cow gentoo-dev 2019-06-06 14:45:44 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a25a3b04cc6a80443c19d86724da1e4cac858db

commit 6a25a3b04cc6a80443c19d86724da1e4cac858db
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2019-06-06 14:45:26 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2019-06-06 14:45:26 +0000

    net-misc/memcached: cleanup
    
    Bug: https://bugs.gentoo.org/685866
    Package-Manager: Portage-2.3.66, Repoman-2.3.14
    Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>

 net-misc/memcached/Manifest                |  6 --
 net-misc/memcached/memcached-1.4.39.ebuild | 93 -----------------------------
 net-misc/memcached/memcached-1.5.10.ebuild | 95 ------------------------------
 net-misc/memcached/memcached-1.5.11.ebuild | 95 ------------------------------
 net-misc/memcached/memcached-1.5.12.ebuild | 95 ------------------------------
 net-misc/memcached/memcached-1.5.13.ebuild | 95 ------------------------------
 net-misc/memcached/memcached-1.5.2.ebuild  | 94 -----------------------------
 7 files changed, 573 deletions(-)