Comment 4 for bug 1752831

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.4.25-2ubuntu1.3

memcached (1.4.25-2ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service due to integer overflow
    - debian/patches/CVE-2017-9951.patch: check for integer overflow on
      key requests
    - CVE-2017-9951
  * SECURITY UPDATE: disable listening on UDP port by default due to
    use in DDoS amplification attacks
    - debian/patches/disable-udp-by-default.patch: disable UDP port by
      default. (LP: #1752831)
    - debian/NEWS: add explanation and document how to re-enable UDP if
    - CVE-2018-1000115

 -- Steve Beattie <email address hidden> Mon, 05 Mar 2018 01:08:38 -0800