Описание
Security update for redis
This update for redis fixes the following issues:
- CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands (bsc#1208790).
- CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion (bsc#1208793).
Список пакетов
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Real Time 15 SP3
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Ссылки
- Link for SUSE-SU-2023:0693-1
- E-Mail link for SUSE-SU-2023:0693-1
- SUSE Security Ratings
- SUSE Bug 1208790
- SUSE Bug 1208793
- SUSE CVE CVE-2022-36021 page
- SUSE CVE CVE-2023-25155 page
Описание
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Затронутые продукты
Ссылки
- CVE-2022-36021
- SUSE Bug 1208790
- SUSE Bug 1208793
Описание
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
Затронутые продукты
Ссылки
- CVE-2023-25155
- SUSE Bug 1208790
- SUSE Bug 1208793