An update for memcached is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofImportant.

A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
memcached is a high-performance, distributed memory object caching system,generic in nature, but intended for use in speeding up dynamic web applicationsby alleviating database load.Security Fix(es):* Two integer overflow flaws, leading to heap-based buffer overflows, were foundin the memcached binary protocol.

An attacker could create a specially craftedmessage that would cause the memcached server to crash or, potentially, executearbitrary code. (CVE-2016-8704, CVE-2016-8705)* An integer overflow flaw, leading to a heap-based buffer overflow, was foundin memcached’s parsing of SASL authentication messages.

An attacker could createa specially crafted message that would cause the memcached server to crash or,potentially, execute arbitrary code. (CVE-2016-8706)
Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
memcached-1.4.15-10.el7_3.1.src.rpm
    MD5: d0094f750d459d6a5643fed2acc7ede6SHA-256: b884feb3d1059186c7d24df112b764c205cc531d33e5c7f831b7299ad59fa437
 
x86_64:
memcached-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: dcff57463488f9aff325966f7b519f45SHA-256: d0b2f4963641e8440e01f41dd345f3a39e1cee518b6f80577dc819671136fb4a
memcached-debuginfo-1.4.15-10.el7_3.1.i686.rpm
    MD5: dd7a1ae2b7fcbc4b9feaef09f356d423SHA-256: 999e650b9669e779e919db3d12c89d82f11bac83b122ad13904a64f144193041
memcached-debuginfo-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: bf922e52b1a2db64b4efce27f89f0ef1SHA-256: 4828fc4b104454701e2ea5e3071da45bb42f99ca57ae383a4f31ec0af6c7ee77
memcached-devel-1.4.15-10.el7_3.1.i686.rpm
    MD5: 6e48a464b29c53ddea18c8d1767ab898SHA-256: 4f02c926db9761950487d8ef1b6c63272ff9e38fbebcb56abec3f3d4225e9824
memcached-devel-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: 1fce868e1a830a92d7596dea13350babSHA-256: c379cefd4e1a2c9f39d2eab26aff39d656cf88bfe047d80756963a210019cef0
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
memcached-1.4.15-10.el7_3.1.src.rpm
    MD5: d0094f750d459d6a5643fed2acc7ede6SHA-256: b884feb3d1059186c7d24df112b764c205cc531d33e5c7f831b7299ad59fa437
 
x86_64:
memcached-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: dcff57463488f9aff325966f7b519f45SHA-256: d0b2f4963641e8440e01f41dd345f3a39e1cee518b6f80577dc819671136fb4a
memcached-debuginfo-1.4.15-10.el7_3.1.i686.rpm
    MD5: dd7a1ae2b7fcbc4b9feaef09f356d423SHA-256: 999e650b9669e779e919db3d12c89d82f11bac83b122ad13904a64f144193041
memcached-debuginfo-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: bf922e52b1a2db64b4efce27f89f0ef1SHA-256: 4828fc4b104454701e2ea5e3071da45bb42f99ca57ae383a4f31ec0af6c7ee77
memcached-devel-1.4.15-10.el7_3.1.i686.rpm
    MD5: 6e48a464b29c53ddea18c8d1767ab898SHA-256: 4f02c926db9761950487d8ef1b6c63272ff9e38fbebcb56abec3f3d4225e9824
memcached-devel-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: 1fce868e1a830a92d7596dea13350babSHA-256: c379cefd4e1a2c9f39d2eab26aff39d656cf88bfe047d80756963a210019cef0
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
memcached-1.4.15-10.el7_3.1.src.rpm
    MD5: d0094f750d459d6a5643fed2acc7ede6SHA-256: b884feb3d1059186c7d24df112b764c205cc531d33e5c7f831b7299ad59fa437
 
PPC:
memcached-1.4.15-10.el7_3.1.ppc64.rpm
    MD5: fec119359258239a2ff78c842bfbcc3fSHA-256: e3033ebc0dfadb001a112dd78d949d17d76deb1ab1aae97ed4a945311bd293ab
memcached-debuginfo-1.4.15-10.el7_3.1.ppc.rpm
    MD5: 01fb4f01335ce1a2facdc73565054d46SHA-256: 09164d217c3fefdf431383eb2b9da7d99591ba477d9f9e856f90f6ba992c9e9f
memcached-debuginfo-1.4.15-10.el7_3.1.ppc64.rpm
    MD5: fef93a054aecf4371bb4f0bf873d071dSHA-256: eea8f7c5b243af05077fdd1bdb7050f371686bc2a0b5c079f876a78e32b91be6
memcached-devel-1.4.15-10.el7_3.1.ppc.rpm
    MD5: 1557015c59dcc210ae239e241cdfe240SHA-256: 2b17d92aabf38690eecb015bae7da9a78b1c16e9ed90accb4550cf1a648ae160
memcached-devel-1.4.15-10.el7_3.1.ppc64.rpm
    MD5: 8fcdcb9141fa89c2d90f6836da96334cSHA-256: f1577a395fa11795b5ca37cb866b840cdaa1707c62d53af1952761b97781d2bf
 
PPC64LE:
memcached-1.4.15-10.el7_3.1.ppc64le.rpm
    MD5: 0e855e928f158cc284b8944229645858SHA-256: b3079cbcb30cedebcc6230816afe5480a5493ccbaa351e7ae9000a19af5301d9
memcached-debuginfo-1.4.15-10.el7_3.1.ppc64le.rpm
    MD5: 3750b076424f93ca2e03679b68e7a50cSHA-256: 33eb54d58fce5ccc24319914a22f6f82584a30cb4d1af51a7a56047bc408bb52
memcached-devel-1.4.15-10.el7_3.1.ppc64le.rpm
    MD5: be536035c3a660c3b5e78392683a9a1aSHA-256: 0faefae8151e7ab26276563a18c660ee4a36597253fcfbc9fce21e0e9e48f82a
 
s390x:
memcached-1.4.15-10.el7_3.1.s390x.rpm
    MD5: febbdc5245ad99980ac252d9748ac260SHA-256: 6c8e408c4205411aa686ddc3c81693976751cdaafb1597a8ad6d91590a7cb6a3
memcached-debuginfo-1.4.15-10.el7_3.1.s390.rpm
    MD5: 21adce5d2b5b6f8a9302c8253aea1fc2SHA-256: a417cc1a92a0574e848bf6865e581031fac6675de3f6189e7d8a16ddbd9357bd
memcached-debuginfo-1.4.15-10.el7_3.1.s390x.rpm
    MD5: aac3f0c597ce08749e062c08f9f9f558SHA-256: d7e48851b73f9206babdb439adac58a7eb14103d7ca9510b18acaf7cf312f2c6
memcached-devel-1.4.15-10.el7_3.1.s390.rpm
    MD5: bc786b2e46ecca7c60c52f261aadaae4SHA-256: c41fd9cdc7ec06ed9ed7f99bbb0f27a5d8fa59d5240f5894204b33d80c6eed54
memcached-devel-1.4.15-10.el7_3.1.s390x.rpm
    MD5: 47b43567d3f3d1edbf9da0683737de71SHA-256: b4e720a43760c62100084a1dfd71c58ee92806cd76cd3b46c6e35d9734665c99
 
x86_64:
memcached-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: dcff57463488f9aff325966f7b519f45SHA-256: d0b2f4963641e8440e01f41dd345f3a39e1cee518b6f80577dc819671136fb4a
memcached-debuginfo-1.4.15-10.el7_3.1.i686.rpm
    MD5: dd7a1ae2b7fcbc4b9feaef09f356d423SHA-256: 999e650b9669e779e919db3d12c89d82f11bac83b122ad13904a64f144193041
memcached-debuginfo-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: bf922e52b1a2db64b4efce27f89f0ef1SHA-256: 4828fc4b104454701e2ea5e3071da45bb42f99ca57ae383a4f31ec0af6c7ee77
memcached-devel-1.4.15-10.el7_3.1.i686.rpm
    MD5: 6e48a464b29c53ddea18c8d1767ab898SHA-256: 4f02c926db9761950487d8ef1b6c63272ff9e38fbebcb56abec3f3d4225e9824
memcached-devel-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: 1fce868e1a830a92d7596dea13350babSHA-256: c379cefd4e1a2c9f39d2eab26aff39d656cf88bfe047d80756963a210019cef0
 
Red Hat Enterprise Linux Server TUS (v. 7.3)

SRPMS:
memcached-1.4.15-10.el7_3.1.src.rpm
    MD5: d0094f750d459d6a5643fed2acc7ede6SHA-256: b884feb3d1059186c7d24df112b764c205cc531d33e5c7f831b7299ad59fa437
 
x86_64:
memcached-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: dcff57463488f9aff325966f7b519f45SHA-256: d0b2f4963641e8440e01f41dd345f3a39e1cee518b6f80577dc819671136fb4a
memcached-debuginfo-1.4.15-10.el7_3.1.i686.rpm
    MD5: dd7a1ae2b7fcbc4b9feaef09f356d423SHA-256: 999e650b9669e779e919db3d12c89d82f11bac83b122ad13904a64f144193041
memcached-debuginfo-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: bf922e52b1a2db64b4efce27f89f0ef1SHA-256: 4828fc4b104454701e2ea5e3071da45bb42f99ca57ae383a4f31ec0af6c7ee77
memcached-devel-1.4.15-10.el7_3.1.i686.rpm
    MD5: 6e48a464b29c53ddea18c8d1767ab898SHA-256: 4f02c926db9761950487d8ef1b6c63272ff9e38fbebcb56abec3f3d4225e9824
memcached-devel-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: 1fce868e1a830a92d7596dea13350babSHA-256: c379cefd4e1a2c9f39d2eab26aff39d656cf88bfe047d80756963a210019cef0
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
memcached-1.4.15-10.el7_3.1.src.rpm
    MD5: d0094f750d459d6a5643fed2acc7ede6SHA-256: b884feb3d1059186c7d24df112b764c205cc531d33e5c7f831b7299ad59fa437
 
x86_64:
memcached-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: dcff57463488f9aff325966f7b519f45SHA-256: d0b2f4963641e8440e01f41dd345f3a39e1cee518b6f80577dc819671136fb4a
memcached-debuginfo-1.4.15-10.el7_3.1.i686.rpm
    MD5: dd7a1ae2b7fcbc4b9feaef09f356d423SHA-256: 999e650b9669e779e919db3d12c89d82f11bac83b122ad13904a64f144193041
memcached-debuginfo-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: bf922e52b1a2db64b4efce27f89f0ef1SHA-256: 4828fc4b104454701e2ea5e3071da45bb42f99ca57ae383a4f31ec0af6c7ee77
memcached-devel-1.4.15-10.el7_3.1.i686.rpm
    MD5: 6e48a464b29c53ddea18c8d1767ab898SHA-256: 4f02c926db9761950487d8ef1b6c63272ff9e38fbebcb56abec3f3d4225e9824
memcached-devel-1.4.15-10.el7_3.1.x86_64.rpm
    MD5: 1fce868e1a830a92d7596dea13350babSHA-256: c379cefd4e1a2c9f39d2eab26aff39d656cf88bfe047d80756963a210019cef0
 
(The unlinked packages above are only available from the Red Hat Network)

1390510 – CVE-2016-8704 memcached: Server append/prepend remote code execution1390511 – CVE-2016-8705 memcached: Server update remote code execution1390512 – CVE-2016-8706 memcached: SASL authentication remote code execution

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Leave a Reply