Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:2122-1

Опубликовано: 08 мая 2023
Источник: suse-cvrf

Описание

Security update for redis

This update for redis fixes the following issues:

  • CVE-2022-36021: Fixed possible integer overflow via specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands (bsc#1208790).
  • CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field (bsc#1210548).
  • CVE-2023-25155: Fixed integer overflow in RAND commands that can lead to assertion (bsc#1208793).

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP4
redis-6.2.6-150400.3.19.1
openSUSE Leap 15.4
redis-6.2.6-150400.3.19.1

Ссылки

Описание

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.

Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP4:redis-6.2.6-150400.3.19.1
openSUSE Leap 15.4:redis-6.2.6-150400.3.19.1
Ссылки

Описание

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.

Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP4:redis-6.2.6-150400.3.19.1
openSUSE Leap 15.4:redis-6.2.6-150400.3.19.1
Ссылки

Описание

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP4:redis-6.2.6-150400.3.19.1
openSUSE Leap 15.4:redis-6.2.6-150400.3.19.1
Ссылки