Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 21: FEDORA-2015-9488 Critical: Redis Lua Sandbox Escape

fedora
Calendar Grey July 18, 2015
Dist Fedora Esm H88
The security patch for Redis on Fedora 21 resolves severe vulnerabilities such as Lua sandbox breaches and potential unauthorized code execution.
- Upstream 2.8.21 (RHBZ #1228245) - Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331)

Summary

Redis is an advanced key-value store. It is often referred to as a data

structure server since keys can contain strings, hashes, lists, sets and

sorted sets.

You can run atomic operations on these types, like appending to a string;

incrementing the value in a hash; pushing to a list; computing set

intersection, union and difference; or getting the member with highest

ranking in a sorted set.

In order to achieve its outstanding performance, Redis works with an

in-memory dataset. Depending on your use case, you can persist it either

by dumping the dataset to disk every once in a while, or by appending

each command to a log.

Redis also supports trivial-to-setup master-slave replication, with very

fast non-blocking first synchronization, auto-reconnection on net split

and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a

limited time-to-live, and configuration settings to make Redis behave like

a cache.

You can use Redis from most programming languages also.

Update Information:

- Upstream 2.8.21 (RHBZ #1228245) - Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331)

Topics%20covered

Topics Covered

security advisory update critical Fedora arbitrary execution Redis Lua escape

Change Log

* Thu Jun 4 2015 Haïkel Guémar - 2.8.21-1 - Upstream 2.8.21 - Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331) * Thu Mar 26 2015 Haïkel Guémar - 2.8.19-2 - Fix redis-shutdown on multiple NIC setup (RHBZ #1201237) * Fri Feb 27 2015 Haïkel Guémar - 2.8.19-1 - Upstream 2.8.19 (RHBZ #1175232) - Fix permissions for tmpfiles (RHBZ #1182913) - Add limits config files - Spec cleanups * Fri Dec 5 2014 Haïkel Guémar - 2.8.18-1 - Upstream 2.8.18 - Rebased patches * Sat Sep 20 2014 Remi Collet - 2.8.17-1 - Upstream 2.8.17 - fix redis-sentinel service unit file for systemd - fix redis-shutdown for sentinel - also use redis-shutdown in init scripts * Wed Sep 17 2014 Haïkel Guémar - 2.8.15-2 - Minor fix to redis-shutdown (from Remi Collet)

References


[ 1 ] Bug #1228327 - CVE-2015-4335 redis: Lua sandbox escape and arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1228327

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update redis' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: redis
Product: Fedora 21
Version: 2.8.21
Release: 1.fc21
URL: https://redis.io/
Summary: A persistent key-value database

Topics%20covered

Topics Covered

security advisory update critical Fedora arbitrary execution Redis Lua escape

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here