stable

redis-6.0.13-1.fc33

FEDORA-2021-8b19c99d6a created by remi 2 years ago for Fedora 33

Redis 6.0.13 Released Mon May 3 19:00:00 IST 2021

Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. LOW otherwise.

Integer overflow in STRALGO LCS command (CVE-2021-29477): An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0.

Integer overflow in COPY command for large intsets (CVE-2021-29478): An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it. The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result with a corrupted RDB or DUMP payload, but not exploited through COPY (which did not exist before 6.2).

Bug fixes:

  • Cluster: Skip unnecessary check which may prevent failure detection (#8585)
  • Fix not starting on alpine/libmusl without IPv6 (#8655)

Improvements:

  • Fix performance regression in BRPOP on Redis 6.0 (#8689)

Modules:

  • Fix edge-case when a module client is unblocked (#8618)

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-8b19c99d6a

This update has been submitted for testing by remi.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago

remi edited this update.

2 years ago

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1957410 CVE-2021-29477 redis: Integer overflow via STRALGO LCS command
0
0
BZ#1957411 CVE-2021-29477 redis: Integer overflow via STRALGO LCS command [fedora-all]
0
0
BZ#1957414 CVE-2021-29478 redis: Integer overflow via COPY command for large intsets
0
0
BZ#1957415 CVE-2021-29478 redis: Integer overflow via COPY command for large intsets [fedora-all]
0
0

Automated Test Results