rpms/memcached
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import memcached-1.5.9-3.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-01-21 17:43:23 -05:00 committed by Stepan Oksanichenko
parent b11b355bdb
commit 14929f9837
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
SOURCES/memcached-CVE-2019-11596.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/memcached.c b/memcached.c
index 4a04427..cf4e0f0 100644
--- a/memcached.c
+++ b/memcached.c
@@ -4510,7 +4510,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
out_string(c, "OK");
}
}
- } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 3 &&
+ } else if (strcmp(tokens[1].value, "mode") == 0 && ntokens >= 4 &&
settings.lru_maintainer_thread) {
if (strcmp(tokens[2].value, "flat") == 0) {
settings.lru_segmented = false;
@@ -4521,7 +4521,7 @@ static void process_lru_command(conn *c, token_t *tokens, const size_t ntokens)
} else {
out_string(c, "ERROR");
}
- } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 3 &&
+ } else if (strcmp(tokens[1].value, "temp_ttl") == 0 && ntokens >= 4 &&
settings.lru_maintainer_thread) {
if (!safe_strtol(tokens[2].value, &ttl)) {
out_string(c, "ERROR");

10
SPECS/memcached.spec
View File

@ -6,7 +6,7 @@
Name: memcached Name: memcached
Version: 1.5.9 Version: 1.5.9
Release: 2%{?dist} Release: 3%{?dist}
Epoch: 0 Epoch: 0
Summary: High Performance, Distributed Memory Object Cache Summary: High Performance, Distributed Memory Object Cache
@ -19,6 +19,7 @@ Source1: memcached.sysconfig
Patch1: memcached-unit.patch Patch1: memcached-unit.patch
Patch2: memcached-vaend.patch Patch2: memcached-vaend.patch
Patch3: memcached-lrutest.patch Patch3: memcached-lrutest.patch
Patch4: memcached-CVE-2019-11596.patch
BuildRequires: gcc libevent-devel systemd BuildRequires: gcc libevent-devel systemd
BuildRequires: perl-generators BuildRequires: perl-generators
@ -48,6 +49,9 @@ access to the memcached binary include files.
%patch1 -p1 -b .unit %patch1 -p1 -b .unit
%patch2 -p1 -b .vaend %patch2 -p1 -b .vaend
%patch3 -p1 -b .lrutest %patch3 -p1 -b .lrutest
# #1709408 - CVE-2019-11596
# memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service
%patch4 -p1 -b .lru_segfault
%build %build
# compile with full RELRO # compile with full RELRO
@ -127,6 +131,10 @@ exit 0
%{_includedir}/memcached/* %{_includedir}/memcached/*
%changelog %changelog
* Mon Sep 30 2019 Tomas Korbar <tkorbar@redhat.com> - 0:1.5.9-3
- fix null-pointer dereference in "lru mode" and "lru temp_ttl" (#1709408)
- CVE-2019-11596
* Fri Feb 08 2019 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.9-2 * Fri Feb 08 2019 Miroslav Lichvar <mlichvar@redhat.com> - 0:1.5.9-2
- fix lru-maintainer test (#1671666) - fix lru-maintainer test (#1671666)