Описание
Security update for redis
This update for redis to 4.0.10 fixes the following issues:
These security issues were fixed:
- CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack (bsc#1097430).
- CVE-2018-11219: Prevent integer overflow in Lua scripting (bsc#1097768).
For Leap 42.3 and openSUSE SLE 12 backports this is a jump from 4.0.6. For additional details please see
Список пакетов
SUSE Package Hub for SUSE Linux Enterprise 12
redis-4.0.10-15.1
Ссылки
- E-Mail link for openSUSE-SU-2018:1802-1
- SUSE Security Ratings
Описание
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
Затронутые продукты
SUSE Package Hub for SUSE Linux Enterprise 12:redis-4.0.10-15.1
Ссылки
- CVE-2018-11218
- SUSE Bug 1097430
- SUSE Bug 1097768
Описание
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
Затронутые продукты
SUSE Package Hub for SUSE Linux Enterprise 12:redis-4.0.10-15.1
Ссылки
- CVE-2018-11219
- SUSE Bug 1097430
- SUSE Bug 1097768