{"affected":[{"ecosystem_specific":{"binaries":[{"memcached":"1.4.39-3.3.2"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"memcached","purl":"pkg:rpm/suse/memcached&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.39-3.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"memcached":"1.4.39-3.3.2"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 4","name":"memcached","purl":"pkg:rpm/suse/memcached&distro=SUSE%20Enterprise%20Storage%204"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.39-3.3.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for memcached fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2011-4971: remote DoS (bsc#817781).\n- CVE-2013-0179: DoS when printing out keys to be deleted in  verbose mode (bsc#798458).\n- CVE-2013-7239: SASL authentication allows wrong credentials to access memcache (bsc#857188).\n- CVE-2013-7290: remote DoS (segmentation fault) via a request to delete a key (bsc#858677).\n- CVE-2013-7291: remote DoS (crash) via a request that triggers 'unbounded key print' (bsc#858676).\n- CVE-2016-8704: Server append/prepend remote code execution (bsc#1007871).\n- CVE-2016-8705: Server update remote code execution (bsc#1007870).\n- CVE-2016-8706: Server ASL authentication remote code execution (bsc#1007869).\n- CVE-2017-9951: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705) (bsc#1056865).\n","id":"SUSE-SU-2018:0778-1","modified":"2018-03-22T13:15:48Z","published":"2018-03-22T13:15:48Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20180778-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007869"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007870"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007871"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056865"},{"type":"REPORT","url":"https://bugzilla.suse.com/798458"},{"type":"REPORT","url":"https://bugzilla.suse.com/817781"},{"type":"REPORT","url":"https://bugzilla.suse.com/857188"},{"type":"REPORT","url":"https://bugzilla.suse.com/858676"},{"type":"REPORT","url":"https://bugzilla.suse.com/858677"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2011-4971"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-0179"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-7239"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-7290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-7291"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8704"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8705"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8706"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9951"}],"related":["CVE-2011-4971","CVE-2013-0179","CVE-2013-7239","CVE-2013-7290","CVE-2013-7291","CVE-2016-8704","CVE-2016-8705","CVE-2016-8706","CVE-2017-9951"],"summary":"Security update for memcached","upstream":["CVE-2011-4971","CVE-2013-0179","CVE-2013-7239","CVE-2013-7290","CVE-2013-7291","CVE-2016-8704","CVE-2016-8705","CVE-2016-8706","CVE-2017-9951"]}