Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:3407-1

Опубликовано: 23 авг. 2023
Источник: suse-cvrf

Описание

Security update for redis

This update for redis fixes the following issues:

  • CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field. (bsc#1210548)
  • CVE-2022-24834: Fixed a heap overflow in the cjson and cmsgpack libraries. (bsc#1213193)

Список пакетов

SUSE Enterprise Storage 7
redis-6.0.14-150200.6.26.1
SUSE Enterprise Storage 7.1
redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Real Time 15 SP3
redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server 15 SP2-LTSS
redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server 15 SP3-LTSS
redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
redis-6.0.14-150200.6.26.1
SUSE Manager Proxy 4.2
redis-6.0.14-150200.6.26.1
SUSE Manager Server 4.2
redis-6.0.14-150200.6.26.1

Описание

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.


Затронутые продукты
SUSE Enterprise Storage 7.1:redis-6.0.14-150200.6.26.1
SUSE Enterprise Storage 7:redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:redis-6.0.14-150200.6.26.1

Ссылки

Описание

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.


Затронутые продукты
SUSE Enterprise Storage 7.1:redis-6.0.14-150200.6.26.1
SUSE Enterprise Storage 7:redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:redis-6.0.14-150200.6.26.1

Ссылки