From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------- Debian Security Advisory DSA-1853-1
[email protected] http://www.debian.org/security/ Nico Golde August 7th, 2009
http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : memcached
Vulnerability : heap-based buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2415
Ronald Volgers discovered that memcached, a high-performance memory object caching system, is vulnerable to several heap-based buffer overflows due
to integer conversions when parsing certain length attributes. An
attacker can use this to execute arbitrary code on the system running
memcached (on etch with root privileges).
For the oldstable distribution (etch), this problem has been fixed in
version 1.1.12-1+etch1.
For the stable distribution (lenny), this problem has been fixed in
version 1.2.2-1+lenny1.
For the testing (squeeze) and unstable (sid) distribution , this problem
will be fixed soon.
We recommend that you upgrade your memcached packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.dsc
Size/MD5 checksum: 606 9a63482efb7bfb3191151a0b10b35555
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12.orig.tar.gz
Size/MD5 checksum: 114103 a1236dad33e9ac6c36d53faa8da61780
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz
Size/MD5 checksum: 5036 ed868d7fe781857da5521be8e7990dcf
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_alpha.deb
Size/MD5 checksum: 37136 12da02a8e31acb33ca3fd15ed3753d3d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_amd64.deb
Size/MD5 checksum: 35120 22ca27f910d20339f8c8eebf86a2993c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_arm.deb
Size/MD5 checksum: 34078 2ef29a9d59010d5bd632b77c5b3cb19e
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_hppa.deb
Size/MD5 checksum: 36180 e7f189a8888aabd4098d08ea45d968df
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_i386.deb
Size/MD5 checksum: 33578 92577cf894c3cb5ea31c5afe46ea29e1
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_ia64.deb
Size/MD5 checksum: 42662 f32d322349e596606f256680b8f4df77
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mips.deb
Size/MD5 checksum: 36228 7f3ea92644ea51084d7c0fdb0fd2c058
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mipsel.deb
Size/MD5 checksum: 36250 a3b97ae608eddf08378fe497f3a2077c
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_powerpc.deb
Size/MD5 checksum: 36314 0bc6427cdfb2ebb3a468bb50169c255a
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_s390.deb
Size/MD5 checksum: 35380 c9b8cb353dd7cc6230fb6feac27f5802
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_sparc.deb
Size/MD5 checksum: 33348 1230f81f8c821e829fcdc59ce2b4841b
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.dsc
Size/MD5 checksum: 1003 e2c6982872f043ecaa826889bddbffa7
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2.orig.tar.gz
Size/MD5 checksum: 166201 a08851f7fa7b15e92ee6320b7a79c321
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz
Size/MD5 checksum: 4624 54f919c679fbb376f2883819e3d67ada
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_alpha.deb
Size/MD5 checksum: 50870 fad5be29b7231adc04161fea3557046a
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_amd64.deb
Size/MD5 checksum: 47416 4b488a56ddddc43037f8788a3af944de
arm architecture (ARM)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_arm.deb
Size/MD5 checksum: 45876 ee8373eb90be8d4c7ab96be7075330ec
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_armel.deb
Size/MD5 checksum: 47516 c73b57ac18a20dbad1b58887ae598c49
hppa architecture (HP PA RISC)
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)