Memcached · Memcached · CVE-2011-4971
**Name of the Vulnerable Software and Affected Versions**
Memcached versions 1.4.5 and earlier
Memcached versions prior to 1.4.17
**Description**
The issue involves multiple integer signedness errors in certain functions, including `process_bin_sasl_auth`, `process_bin_complete_sasl_auth`, `process_bin_update`, and `process_bin_append_prepend`. These errors can be exploited by remote attackers to cause a denial of service, specifically a crash, by sending a packet with a large body length value. Additionally, the vulnerabilities may lead to breaches of confidentiality, integrity, and availability of protected information.
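The following C sketch is an added illustration of the bug class described above, not Memcached's own code: it shows an unsigned 32-bit body length being narrowed into a signed `int`, next to a check that validates the field before any arithmetic. The function names, parameter names, and the `MAX_VALUE_LEN` limit are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limit for this example; not a memcached constant. */
#define MAX_VALUE_LEN (1024u * 1024u)

/* Flawed pattern: the unsigned wire field is narrowed into a signed int.
 * A body length above INT_MAX wraps negative on mainstream compilers,
 * so a later upper-bound check does not reject it. */
static int naive_value_len(uint32_t bodylen, uint16_t keylen, uint8_t extlen)
{
    return (int)(bodylen - (uint32_t)(keylen + extlen));
}

/* Hardened pattern: stay unsigned and validate before subtracting.
 * Returns 0 and stores the value length on success, -1 on rejection. */
static int checked_value_len(uint32_t bodylen, uint16_t keylen,
                             uint8_t extlen, uint32_t *vlen)
{
    uint32_t overhead = (uint32_t)keylen + extlen;

    if (bodylen < overhead)                  /* subtraction would underflow */
        return -1;
    if (bodylen - overhead > MAX_VALUE_LEN)  /* body larger than allowed */
        return -1;
    *vlen = bodylen - overhead;
    return 0;
}

int main(void)
{
    uint32_t vlen = 0;
    uint32_t big = 0xFFFFFFF0u;  /* constructed field value, not captured traffic */

    printf("naive:   %d\n", naive_value_len(big, 3, 8));
    printf("checked: %d\n", checked_value_len(big, 3, 8, &vlen));
    printf("normal:  %d (vlen=%u)\n",
           checked_value_len(16, 3, 8, &vlen), (unsigned)vlen);
    return 0;
}
```
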
**Recommendations**
For Memcached versions 1.4.5 and earlier, consider updating to a version later than 1.4.17 to resolve the issue.
For Memcached versions prior to 1.4.17, update to version 1.4.17 or later to fix the vulnerabilities.
As a temporary workaround, consider restricting access to the `process_bin_sasl_auth`, `process_bin_complete_sasl_auth`, `process_bin_update`, and `process_bin_append_prepend` functions until a patch is available.