Описание
Security update for redis
This update for redis fixes the following issues:
- CVE-2020-14147: Context dependent attackers with permission to run Lua code in a Redis session could have caused a denial of service (memory corruption and application crash) or possibly bypass sandbox restrictions (boo#1173018)
Список пакетов
SUSE Package Hub 12
redis-4.0.14-bp151.3.6.1
SUSE Package Hub 15 SP1
redis-4.0.14-bp151.3.6.1
openSUSE Leap 15.1
redis-4.0.14-bp151.3.6.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1035-1
- SUSE Security Ratings
- SUSE Bug 1173018
- SUSE CVE CVE-2020-14147 page
Описание
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
Затронутые продукты
SUSE Package Hub 12:redis-4.0.14-bp151.3.6.1
SUSE Package Hub 15 SP1:redis-4.0.14-bp151.3.6.1
openSUSE Leap 15.1:redis-4.0.14-bp151.3.6.1
Ссылки
- CVE-2020-14147
- SUSE Bug 1173018