SUSE-SU-2023:0274-1

Опубликовано: 06 фев. 2023

Источник: suse-cvrf

Описание

Security update for redis

This update for redis fixes the following issues:

CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash (bsc#1207202).

Список пакетов

SUSE Enterprise Storage 7

redis-6.0.14-150200.6.17.1

SUSE Enterprise Storage 7.1

redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise Real Time 15 SP3

redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise Server 15 SP2-LTSS

redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise Server 15 SP3-LTSS

redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

redis-6.0.14-150200.6.17.1

SUSE Manager Proxy 4.2

redis-6.0.14-150200.6.17.1

SUSE Manager Retail Branch Server 4.2

redis-6.0.14-150200.6.17.1

SUSE Manager Server 4.2

redis-6.0.14-150200.6.17.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230274-1/
Link for SUSE-SU-2023:0274-1
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013631.html
E-Mail link for SUSE-SU-2023:0274-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207202
SUSE Bug 1207202
https://www.suse.com/security/cve/CVE-2022-35977/
SUSE CVE CVE-2022-35977 page

Описание

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Затронутые продукты

SUSE Enterprise Storage 7.1:redis-6.0.14-150200.6.17.1

SUSE Enterprise Storage 7:redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:redis-6.0.14-150200.6.17.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:redis-6.0.14-150200.6.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-35977.html
CVE-2022-35977
https://bugzilla.suse.com/1207202
SUSE Bug 1207202

SUSE-SU-2023:0274-1

Описание

Список пакетов

SUSE Enterprise Storage 7

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise Real Time 15 SP3

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Manager Proxy 4.2

SUSE Manager Retail Branch Server 4.2

SUSE Manager Server 4.2

Ссылки

Уязвимость: CVE-2022-35977

Описание

Затронутые продукты

Ссылки