http://bugzilla.opensuse.org/show_bug.cgi?id=1007866
http://bugzilla.opensuse.org/show_bug.cgi?id=1007866#c1

--- Comment #1 from Mikhail Kasimov <mikhail.kasimov@gmail.com> ---
Reference: http://seclists.org/oss-sec/2016/q4/292

===================================================================
As per Talos page, there seem to be three issues.

CVE-2016-8704 - Memcached server append/prepend remote code execution vulnerability

An integer overflow in the process_bin_append_prepend function which is
responsible for processing multiple commands of Memcached binary protocol can
be abused to cause heap overflow and lead to remote code execution.
http://www.talosintelligence.com/reports/TALOS-2016-0219/

CVE-2016-8705 - Memcached server update remote code execution vulnerability

Multiple integer overflows in process_bin_update function which is responsible
for processing multiple commands of Memcached binary protocol can be abused to
cause heap overflow and lead to remote code execution.
http://www.talosintelligence.com/reports/TALOS-2016-0220/

CVE-2016-8706 - Memcached server SASL authentication remote code execution vulnerability

An integer overflow in process_bin_sasl_auth function which is responsible for
authentication commands of Memcached binary protocol can be abused to cause
heap overflow and lead to remote code execution.
http://www.talosintelligence.com/reports/TALOS-2016-0221/

There is also a talos blog post about these issues:
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html

Thanks for sharing!
===================================================================
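
The following is an added example, not memcached's code and not taken from the comment or the Talos reports: it shows one common shape of the bug class named above, where a value length derived from client-supplied binary-protocol header fields wraps around, next to a checked version. The struct, function names and `MAX_VALUE_LEN` are assumptions made for illustration; the exact arithmetic in the affected functions is not given on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed cap on a stored value; hypothetical, not memcached's setting. */
#define MAX_VALUE_LEN (1024u * 1024u)

/* Length fields of a binary-protocol request header, in host byte order. */
struct bin_lengths {
    uint16_t keylen;   /* key length */
    uint8_t  extlen;   /* extras length */
    uint32_t bodylen;  /* total body = extras + key + value */
};

/* Unchecked form: unsigned subtraction wraps when keylen + extlen > bodylen,
 * yielding a huge "value length" that would later size an allocation or copy. */
uint32_t value_len_unchecked(const struct bin_lengths *h)
{
    return h->bodylen - h->keylen - h->extlen;
}

/* Checked form: returns 0 and stores the value length in *out only when the
 * header fields are mutually consistent; returns -1 otherwise. */
int value_len_checked(const struct bin_lengths *h, uint32_t *out)
{
    uint32_t overhead = (uint32_t)h->keylen + h->extlen; /* <= 65790, cannot wrap */
    if (overhead > h->bodylen)
        return -1;                    /* body too short to hold key + extras */
    uint32_t vlen = h->bodylen - overhead;
    if (vlen > MAX_VALUE_LEN)
        return -1;                    /* larger than the store accepts */
    *out = vlen;
    return 0;
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    struct bin_lengths ok  = { .keylen = 5, .extlen = 0, .bodylen = 12 };
    struct bin_lengths bad = { .keylen = 8, .extlen = 0, .bodylen = 4 };
    uint32_t v = 0;

    printf("ok:  unchecked=%u checked=%d\n",
           (unsigned)value_len_unchecked(&ok), value_len_checked(&ok, &v));
    printf("bad: unchecked=%u checked=%d\n",
           (unsigned)value_len_unchecked(&bad), value_len_checked(&bad, &v));
    return 0;
}
```
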