Security update for memcached SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0968-1 Final 1 1 2018-04-17T06:38:30Z current 2018-04-17T06:38:30Z 2018-04-17T06:38:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for memcached This update for memcached fixes the following issues: - CVE-2018-1000115: Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server could result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). (bsc#1083903) - Home directory shouldn't be world readable bsc#1077718 This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-04/msg00043.html E-Mail link for openSUSE-SU-2018:0968-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 memcached-1.4.39-11.6.1 memcached-devel-1.4.39-11.6.1 memcached-1.4.39-11.6.1 as a component of openSUSE Leap 42.3 memcached-devel-1.4.39-11.6.1 as a component of openSUSE Leap 42.3 Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. CVE-2018-1000115 openSUSE Leap 42.3:memcached-1.4.39-11.6.1 openSUSE Leap 42.3:memcached-devel-1.4.39-11.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-04/msg00043.html https://www.suse.com/security/cve/CVE-2018-1000115.html CVE-2018-1000115 https://bugzilla.suse.com/1083903 SUSE Bug 1083903