Comment 5 for bug 1752831

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.4.14-0ubuntu9.2

memcached (1.4.14-0ubuntu9.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service due to integer overflow
    - debian/patches/CVE-2017-9951.patch: check for integer overflow on
      key requests
    - CVE-2017-9951
  * SECURITY UPDATE: disable listening on UDP port by default due to
    use in DDoS amplification attacks
    - debian/patches/disable-udp-by-default.patch: disable UDP port by
      default. (LP: #1752831)
    - debian/NEWS: add explanation and document how to re-enable UDP if
    - CVE-2018-1000115

 -- Steve Beattie <email address hidden> Mon, 05 Mar 2018 02:10:59 -0800