Описание
Security update for redis
This update for redis fixes the following issues:
- CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash (bsc#1207202).
- CVE-2023-22458: Fixed a missing check that could allow authenticated users to cause a crash (bsc#1207203).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP4
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2023:0295-1
- E-Mail link for SUSE-SU-2023:0295-1
- SUSE Security Ratings
- SUSE Bug 1207202
- SUSE Bug 1207203
- SUSE Bug 1207448
- SUSE CVE CVE-2022-35977 page
- SUSE CVE CVE-2023-22458 page
Описание
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Затронутые продукты
Ссылки
- CVE-2022-35977
- SUSE Bug 1207202
Описание
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Затронутые продукты
Ссылки
- CVE-2023-22458
- SUSE Bug 1207203