========================================================================== Ubuntu Security Notice USN-2080-1 January 13, 2014 memcached vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Memcached. Software Description: - memcached: A high-performance memory object caching system Details: Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. (CVE-2011-4971) Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -vv option was used. An attacker could use this issue to cause Memcached to crash, resulting in a denial of service. (CVE-2013-0179) It was discovered that Memcached incorrectly handled SASL authentication. A remote attacker could use this issue to bypass SASL authentication completely. This issue only affected Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10. (CVE-2013-7239) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: memcached 1.4.14-0ubuntu4.1 Ubuntu 13.04: memcached 1.4.14-0ubuntu1.13.04.1 Ubuntu 12.10: memcached 1.4.14-0ubuntu1.12.10.1 Ubuntu 12.04 LTS: memcached 1.4.13-0ubuntu2.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2080-1 CVE-2011-4971, CVE-2013-0179, CVE-2013-7239 Package Information: https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu4.1 https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu1.13.04.1 https://launchpad.net/ubuntu/+source/memcached/1.4.14-0ubuntu1.12.10.1 https://launchpad.net/ubuntu/+source/memcached/1.4.13-0ubuntu2.1