stable

redis-7.0.9-1.fc37

FEDORA-2023-c685251667 created by remi a year ago for Fedora 37

Redis 7.0.9 - Released Tue Feb 28 12:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

  • (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.
  • (CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.

Bug Fixes

  • Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
  • Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit (#11752)
  • Fix possible memory corruption in FLUSHALL when a client watches more than one key (#11854)
  • Fix cluster inbound link keepalive time (#11785)
  • Flush propagation list in active-expire of writable replicas to fix an assertion (#11615)
  • Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC (#11788)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-c685251667

This update has been submitted for testing by remi.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

remi edited this update.

a year ago
User Icon frantisekz commented & provided feedback a year ago
karma

Works well for oraculum (python-redis)

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
approved
a year ago
BZ#2174305 CVE-2022-36021 redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow
0
0
BZ#2174306 CVE-2023-25155 redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack
0
0
BZ#2174649 CVE-2022-36021 redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow [fedora-37]
0
0
BZ#2174656 CVE-2023-25155 redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack [fedora-37]
0
0

Automated Test Results