Description
ELSA-2019-2002: redis:5 security update (IMPORTANT)
[5.0.3-2]
- fix Heap buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10192
- fix Stack buffer overflow in HyperLogLog triggered by malicious client CVE-2019-10193
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module redis:5 is enabled
redis        5.0.3-2.module+el8.0.0.z+5250+19ca22c8
redis-devel  5.0.3-2.module+el8.0.0.z+5250+19ca22c8
redis-doc    5.0.3-2.module+el8.0.0.z+5250+19ca22c8
Oracle Linux x86_64
Module redis:5 is enabled
redis        5.0.3-2.module+el8.0.0.z+5250+19ca22c8
redis-devel  5.0.3-2.module+el8.0.0.z+5250+19ca22c8
redis-doc    5.0.3-2.module+el8.0.0.z+5250+19ca22c8
Related CVEs
Related vulnerabilities
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.