{"id":"MGASA-2014-0018","summary":"Updated memcached package fixes multiple security vulnerabilities","details":"Updated memcached packages fix security vulnerability:\n\nIt was reported that SASL authentication could be bypassed due to a flaw\nrelated to the managment of the SASL authentication state. With a specially\ncrafted request, a remote attacker may be able to authenticate with invalid\nSASL credentials (CVE-2013-7239).\n\nMultiple issues in memcached before 1.4.17 which allow remote attackers to\ncause a denial of service by sending a request that causes a crash when\nmemcached is running in verbose mode (CVE-2013-0179, CVE-2013-7290,\nCVE-2013-7291).\n","modified":"2026-01-30T18:02:24.072977Z","published":"2014-01-21T16:14:47Z","related":["CVE-2013-0179","CVE-2013-7239","CVE-2013-7290","CVE-2013-7291"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0018.html"},{"type":"REPORT","url":"http://www.debian.org/security/2014/dsa-2832"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12156"}],"affected":[{"package":{"name":"memcached","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/memcached?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.17-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0018.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}