--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-76cf1653b3
2021-08-01 04:04:30.838612
--------------------------------------------------------------------------------

Name        : redis
Product     : Fedora 33
Version     : 6.0.15
Release     : 1.fc33
URL         : https://redis.io
Summary     : A persistent key-value database
Description :
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.

You can use Redis from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

**Redis 6.0.15** - Released Wed Jul 21 16:32:19 IDT 2021

Upgrade urgency: SECURITY, contains fixes to security issues that affect
authenticated client connections on 32-bit versions. MODERATE otherwise.

Fix integer overflow in BITFIELD on 32-bit versions (**CVE-2021-32761**). An
integer overflow bug in Redis version 2.2 or newer can be exploited using the
BITFIELD command to corrupt the heap and potentially result in remote code
execution.

Bug fixes that involve behavior changes:

*    Change reply type for ZPOPMAX/MIN with count in RESP3 to nested array
     (#8981). Was using a flat array like in RESP2 instead of a nested array
     like ZRANGE does.

Bug fixes:

*    Fail EXEC command in case a watched key is expired (#9194)
*    Fix SMOVE not to invalidate dest key (WATCH and tracking) when member
     already exists (#9244)
*    Fix SINTERSTORE not to delete dest key when getting a wrong type error
     (#9032)
*    Fix overflows on 32-bit versions in GETBIT, SETBIT, BITCOUNT, BITPOS, and
     BITFIELD (#9191)
*    Set TCP keepalive on inbound cluster bus connections (#9230)
*    Fix ziplist length updates on big-endian platforms (#2080)
*    Fix diskless replica loading to recover from RDB short read on module AUX
     data (#9199)
*    Fix race in client side tracking (#9116)
*    If diskless repl child is killed, make sure to reap the child pid (#7742)
*    Add a timeout mechanism for replicas stuck in fullsync (#8762)

CLI tools:

*    redis-cli cluster import support source and target that require auth
     (#7994)
*    redis-cli cluster import command may issue wrong MIGRATE command, sending
     COPY instead of REPLACE (#8945)
*    redis-cli support for RESP3 set type in CSV and RAW output (#7338)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 22 2021 Remi Collet - 6.0.15-1
- Upstream 6.0.15 release
- Fix CVE-2021-32761: 32-bit systems BITFIELD command integer overflow.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1985476 - CVE-2021-32761 redis: integer overflow issues with BITFIELD command on 32-bit systems
        https://bugzilla.redhat.com/show_bug.cgi?id=1985476
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-76cf1653b3' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
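
A triage sketch for deciding which hosts need this update first, following the
urgency split stated above (SECURITY on 32-bit, MODERATE otherwise). It is an
added example, not part of the Fedora advisory or of Redis; the function names,
the list of 32-bit RPM architecture names and the sample inventory are
assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify installed redis builds against this advisory.
FIXED_VERSION="6.0.15"   # fixed package version named in the advisory

# Assumption: RPM architecture names treated as 32-bit builds.
is_32bit_arch() {
    case "$1" in
        i386|i486|i586|i686|armv7hl|armv7hnl) return 0 ;;
        *) return 1 ;;
    esac
}

# version_lt A B: true when A sorts strictly before B (GNU sort -V,
# so 6.0.9 is correctly older than 6.0.15).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# classify VERSION ARCH -> security | moderate | patched | other-branch
classify() {
    if version_lt "$1" "$FIXED_VERSION"; then
        if is_32bit_arch "$2"; then echo "security"; else echo "moderate"; fi
        return
    fi
    case "$1" in
        6.0.*) echo "patched" ;;
        *)     echo "other-branch" ;;  # not covered by this advisory
    esac
}

# triage: read "version arch" lines on stdin, append the classification.
triage() {
    while read -r ver arch; do
        [ -n "$ver" ] || continue
        printf '%s %s %s\n' "$ver" "$arch" "$(classify "$ver" "$arch")"
    done
}

# Constructed sample inventory, in the format produced by:
#   rpm -q --qf '%{VERSION} %{ARCH}\n' redis
SAMPLE='6.0.13 armv7hl
6.0.14 x86_64
6.0.15 i686
6.0.9 i686'

printf '%s\n' "$SAMPLE" | triage
```

Hosts reported as "security" are the ones to patch first with the dnf command
above; "other-branch" means the version is outside the 6.0 series this package
update addresses.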

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
