From 60adcff1eaf8c06c2710a8f6a283df7b45d8d688 Mon Sep 17 00:00:00 2001
From: ZhongShengping <chdzsp@163.com>
Date: Mon, 12 Mar 2018 09:51:13 +0800
Subject: [PATCH] [CVE-2018-1000115] memcached: restrict to TCP

https://access.redhat.com/security/cve/cve-2018-1000115

Restrict Memcached to only work on TCP.
The configuration only binds memcached on localhost but in case it
changes, we'll prevent DDoS amplification attacks.

Change-Id: Ifc16c8a3229f5fc0f3651e714627b526e4338cfe
Closes-Bug: #1755063
---
 templates/memcached.redhat.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/memcached.redhat.j2 b/templates/memcached.redhat.j2
index 33b7a3a..dd706cc 100644
--- a/templates/memcached.redhat.j2
+++ b/templates/memcached.redhat.j2
@@ -10,4 +10,4 @@ PORT="{{ memcached_port }}"
 USER="{{ memcached_user }}"
 MAXCONN="{{ memcached_connections }}"
 CACHESIZE="{{ memcached_memory }}"
-OPTIONS="-l {{ memcached_listen }} -t {{ memcached_threads }} {{ _verbosity }}"
+OPTIONS="-U 0 -l {{ memcached_listen }} -t {{ memcached_threads }} {{ _verbosity }}"