UbuntuUpdates.org

Package "memcached"

Name: memcached

Description:

High-performance in-memory object caching system
Latest version: 1.6.14-1ubuntu0.2
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://memcached.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "memcached"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "memcached" in Jammy

Repository Area Version
base main 1.6.14-1
updates main 1.6.14-1ubuntu0.1

Changelog

Version: 1.6.14-1ubuntu0.2 2026-05-27 14:07:29 UTC

  memcached (1.6.14-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: SASL password timing side-channel
    - debian/patches/CVE-2026-4778x.patch: Fix timing side-channel in SASL
      password database authentication in sasl_defs.c.
    - CVE-2026-47783
    - CVE-2026-47784

 -- Marc Deslauriers <email address hidden> Fri, 22 May 2026 13:13:06 -0400
Source diff to previous version
CVE-2026-4778 A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.
CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid
CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_u

Version: 1.6.14-1ubuntu0.1 2023-11-13 17:07:00 UTC

  memcached (1.6.14-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via multiget requests in proxy mode
    - debian/patches/CVE-2023-46852.patch: fix buffer overflow with
      multiget syntax in proto_proxy.c.
    - CVE-2023-46852
  * SECURITY UPDATE: off-by-one error via proxy requests in proxy mode
    - debian/patches/CVE-2023-46853.patch: fix off-by-one if \r is missing
      in proto_proxy.c, t/proxy.t.
    - CVE-2023-46853

 -- Marc Deslauriers <email address hidden> Wed, 01 Nov 2023 10:19:02 -0400
CVE-2023-46852 In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substr
CVE-2023-46853 In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.


About   -   Send Feedback to @ubuntu_updates