Mandrake Security Advisory MDVSA-2009:105 (memcached)

The remote host is missing an update to memcached announced via advisory MDVSA-2009:105.
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
The process_stat function in Memcached prior 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port (CVE-2009-1255, CVE-2009-1494). The updated packages have been patched to prevent this. Affected: 2009.0, 2009.1, Corporate 4.0