Описание
Security update for redis
This update for redis fixes the following issues:
- CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field. (bsc#1210548)
- CVE-2022-24834: Fixed a heap overflow in the cjson and cmsgpack libraries. (bsc#1213193)
Список пакетов
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Real Time 15 SP3
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Ссылки
- Link for SUSE-SU-2023:3407-1
- E-Mail link for SUSE-SU-2023:3407-1
- SUSE Security Ratings
- SUSE Bug 1210548
- SUSE Bug 1213193
- SUSE CVE CVE-2022-24834 page
- SUSE CVE CVE-2023-28856 page
Описание
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
Затронутые продукты
Ссылки
- CVE-2022-24834
- SUSE Bug 1213193
Описание
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.
Затронутые продукты
Ссылки
- CVE-2023-28856
- SUSE Bug 1210548