import memcached-1.5.9-3.el8

2020-01-21 17:43:23 -05:00 · 2020-01-21 17:43:23 -05:00 · 14929f9837
commit 14929f9837
parent b11b355bdb
2 changed files with 31 additions and 1 deletions
--- a/SOURCES/memcached-CVE-2019-11596.patch
+++ b/SOURCES/memcached-CVE-2019-11596.patch
@ -0,0 +1,22 @@
+diff --git a/memcached.c b/memcached.c
+index 4a04427..cf4e0f0 100644
+--- a/memcached.c
+++ b/memcached.c
+@@ -4510,7 +4510,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
+                 out_string(c, "OK");
+             }
+         }
+-    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 3 &&
+    } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 4 &&
+                settings.lru_maintainer_thread) {
+         if (strcmp(tokens[2].value, "flat") == 0) {
+             settings.lru_segmented = false;
+@@ -4521,7 +4521,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
+         } else {
+             out_string(c, "ERROR");
+         }
+-    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 3 &&
+    } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 4 &&
+                settings.lru_maintainer_thread) {
+         if (!safe_strtol(tokens[2].value, &ttl)) {
+             out_string(c, "ERROR");
--- a/SPECS/memcached.spec
+++ b/SPECS/memcached.spec
@ -6,7 +6,7 @@

 Name:           memcached
 Version:        1.5.9
-Release:        2%{?dist}
+Release:        3%{?dist}
 Epoch:          0
 Summary:        High Performance, Distributed Memory Object Cache

@ -19,6 +19,7 @@ Source1:        memcached.sysconfig
 Patch1:         memcached-unit.patch
 Patch2:         memcached-vaend.patch
 Patch3:         memcached-lrutest.patch
+Patch4:         memcached-CVE-2019-11596.patch

 BuildRequires:  gcc libevent-devel systemd
 BuildRequires:  perl-generators
@ -48,6 +49,9 @@ access to the memcached binary include files.
 %patch1 -p1 -b .unit
 %patch2 -p1 -b .vaend
 %patch3 -p1 -b .lrutest
+# #1709408 - CVE-2019-11596
+# memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service
+%patch4 -p1 -b .lru_segfault

 %build
 # compile with full RELRO
@ -127,6 +131,10 @@ exit 0
 %{_includedir}/memcached/*

 %changelog
+* Mon Sep 30 2019 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.9-3
+- fix null-pointer dereference in "lru mode" and "lru temp_ttl" (#1709408)
+- CVE-2019-11596
+
 * Fri Feb 08 2019 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.9-2
 - fix lru-maintainer test (#1671666)