Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Debian 8 DLA-1396-1 Moderate: Redis Buffer Overflow and Heap Corruption

debian lts
Calendar Grey June 26, 2018
Dist Debian Esm H88
A series of security flaws in Redis on Debian 8 have been fixed. Update to version 2:2.8.17-1+deb8u6 for improved protection.

It was discovered that there were a number of vulnerabilities in redis, a persistent key-value database: * CVE-2018-11218, CVE-2018-11219: Multiple heap

Summary

* CVE-2018-11218, CVE-2018-11219: Multiple heap
corruption and integer overflow vulnerabilities. (#901495)

* CVE-2018-12326: Buffer overflow in the "redis-cli" tool which could
have allowed an attacker to achieve code execution and/or escalate to
higher privileges via a crafted command line. (#902410)

For Debian 8 "Jessie", these issues have been fixed in redis version
2:2.8.17-1+deb8u6.

We recommend that you upgrade your redis packages.


Regards,

- --
,'`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-


Package: redis
Version: 2:2.8.17-1+deb8u6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here