[AutoPR- Security] Patch memcached for CVE-2026-24809 [MEDIUM] (#15615)

azurelinux-security · web-flow · commit 693cb87b862f · 2026-01-30T14:18:16.000+05:30
diff --git a/SPECS/memcached/CVE-2026-24809.patch b/SPECS/memcached/CVE-2026-24809.patch
@@ -0,0 +1,57 @@
+From 3bb38d48f5e04d56ff7e08391dd17f902e7828ff Mon Sep 17 00:00:00 2001
+From: npt-1707 <npthanh132@gmail.com>
+Date: Mon, 21 Apr 2025 23:05:53 +0800
+Subject: [PATCH] Save stack space while handling errors
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://github.com/praydog/REFramework/pull/1320.patch
+---
+ vendor/lua/src/ldebug.c | 5 ++++-
+ vendor/lua/src/lvm.c    | 6 ++++--
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/vendor/lua/src/ldebug.c b/vendor/lua/src/ldebug.c
+index 1feaab2..5524fae 100644
+--- a/vendor/lua/src/ldebug.c
++++ b/vendor/lua/src/ldebug.c
+@@ -783,8 +783,11 @@ l_noret luaG_runerror (lua_State *L, const char *fmt, ...) {
+   va_start(argp, fmt);
+   msg = luaO_pushvfstring(L, fmt, argp);  /* format message */
+   va_end(argp);
+-  if (isLua(ci))  /* if Lua function, add source:line information */
++  if (isLua(ci)) {  /* if Lua function, add source:line information */
+     luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
++    setobjs2s(L, L->top - 2, L->top - 1);  /* remove 'msg' from the stack */
++    L->top--;
++  }
+   luaG_errormsg(L);
+ }
+ 
+diff --git a/vendor/lua/src/lvm.c b/vendor/lua/src/lvm.c
+index c9729bc..51b9614 100644
+--- a/vendor/lua/src/lvm.c
++++ b/vendor/lua/src/lvm.c
+@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int total) {
+       /* collect total length and number of strings */
+       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
+         size_t l = vslen(s2v(top - n - 1));
+-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
++        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
++          L->top = top - total;  /* pop strings to avoid wasting stack */
+           luaG_runerror(L, "string length overflow");
++        }
+         tl += l;
+       }
+       if (tl <= LUAI_MAXSHORTLEN) {  /* is result a short string? */
+@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int total) {
+       setsvalue2s(L, top - n, ts);  /* create result */
+     }
+     total -= n-1;  /* got 'n' strings to create 1 new */
+-    L->top -= n-1;  /* popped 'n' strings and pushed one */
++    L->top = top - (n - 1);  /* popped 'n' strings and pushed one */
+   } while (total > 1);  /* repeat until only 1 result left */
+ }
+ 
+-- 
+2.45.4
+
diff --git a/SPECS/memcached/memcached.spec b/SPECS/memcached/memcached.spec
@@ -7,7 +7,7 @@
 Summary:        High Performance, Distributed Memory Object Cache
 Name:           memcached
 Version:        1.6.27
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -17,6 +17,7 @@ Source1:        memcached.sysconfig
 Patch0:         memcached-unit.patch
 Patch1:         CVE-2021-43519.patch
 Patch2:         CVE-2021-44647.patch
+Patch3:         CVE-2026-24809.patch
 BuildRequires:  gcc
 BuildRequires:  libevent-devel
 BuildRequires:  systemd-devel
@@ -131,6 +132,9 @@ exit 0
 %{_unitdir}/memcached.service
 
 %changelog
+* Thu Jan 29 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.6.27-4
+- Patch for CVE-2026-24809
+
 * Thu Mar 20 2025 Jyoti Kanase <v-jykanase@microsoft.com> - 1.6.27-3
 - Fix CVE-2023-6228
 
