RLSA-2022:8096

Опубликовано: 15 нояб. 2022

Источник: rocky

Оценка: Low

Описание

Low: redis security and bug fix update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

redis: Code injection via Lua script execution environment (CVE-2022-24735)
redis: Malformed Lua script can crash Redis (CVE-2022-24736)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.

Затронутые продукты

Rocky Linux 9

Наименование	Архитектура	Релиз	RPM
redis	x86_64	1.el9	redis-6.2.7-1.el9.x86_64.rpm
redis-devel	x86_64	1.el9	redis-devel-6.2.7-1.el9.x86_64.rpm
redis-doc	noarch	1.el9	redis-doc-6.2.7-1.el9.noarch.rpm

Показывать по

Связанные CVE

CVE-2022-24735

CVE-2022-24736

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2080286
Red Hat - 2080286
https://bugzilla.redhat.com/show_bug.cgi?id=2080289
Red Hat - 2080289
https://bugzilla.redhat.com/show_bug.cgi?id=2083151
Red Hat - 2083151

Связанные уязвимости

SUSE-SU-2022:1929-1

suse-cvrf

около 3 лет назад

Security update for redis

SUSE-SU-2022:1842-1

suse-cvrf

около 3 лет назад

Security update for redis

RLSA-2022:7541

rocky

почти 3 года назад

Low: redis:6 security, bug fix, and enhancement update

ELSA-2022-8096

oracle-oval

больше 2 лет назад

ELSA-2022-8096: redis security and bug fix update (LOW)

ELSA-2022-7541