Fedora 36: redis 2022-6ed1ce2838 | LinuxSecurity.com
Fedora Update Notification
2022-05-07 04:08:14.318657

Name        : redis
Product     : Fedora 36
Version     : 6.2.7
Release     : 1.fc36
URL         : https://redis.io
Summary     : A persistent key-value database
Description :
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.

You can use Redis from most programming languages also.

Update Information:

**Redis 6.2.7** - Released Wed Apr 27 12:00:00 IDT 2022

Upgrade urgency: **SECURITY**, contains fixes to security issues.

Security Fixes:

* (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
  can cause NULL pointer dereference which will result with a crash of the
  redis-server process. This issue affects all versions of Redis.
  [reported by Aviv Yahav].
* (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
  environment, an attacker with access to Redis can inject Lua code that will
  execute with the (potentially higher) privileges of another Redis user.
  [reported by Aviv Yahav].

Potentially Breaking Fixes

* LPOP/RPOP with count against non-existing list return null array (#10095)
* LPOP/RPOP used to produce wrong replies when count is 0 (#9692)

Performance and resource utilization improvements

* Speed optimization in command execution pipeline (#10502)
* Fix regression in Z[REV]RANGE commands (by-rank) introduced in Redis 6.2
  (#10337)

Platform / toolchain support related improvements

* Fix RSS metrics on NetBSD and OpenBSD (#10116, #10149)
* Fix OpenSSL 3.0.x related issues (#10291)

Bug Fixes

* Lua: Add checks for min-slave-* configs when evaluating Lua scripts (#10160)
* Lua: fix crash on a script call with many arguments, a regression in v6.2.6
  (#9809)
* Tracking: Make invalidation messages always after command's reply (#9422)
* Fix excessive stream trimming due to an overflow (#10068)
* Add missed error counting for INFO errorstats (#9646)
* Fix geo search bounding box check causing missing results (#10018)
* Improve EXPIRE TTL overflow detection (#9839)
* Modules: Fix thread safety violation when a module thread adds an error
  reply, broken in 6.2 (#10278)
* Modules: Fix missing and duplicate error stats (#10278)
* Module APIs: release clients blocked on module commands in cluster
  resharding and down state (#9483)
* Sentinel: Fix memory leak with TLS (#9753)
* Sentinel: Fix issues with hostname support (#10146)
* Sentinel: Fix election failures on certain container environments

* Thu Apr 28 2022 Remi Collet  - 6.2.7-1
- Upstream 6.2.7 release.

  [ 1 ] Bug #2080286 - CVE-2022-24735 redis: Code injection via Lua script execution environment
  [ 2 ] Bug #2080289 - CVE-2022-24736 redis: Malformed Lua script can crash Redis

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-6ed1ce2838' at the command
line. For more information, refer to the dnf documentation available at
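
A check to run after applying the update, as an added example that is not part of the Fedora advisory: it reads the redis_version field from `redis-cli INFO server` output and classifies 6.2.x servers against the fixed release 6.2.7. The function names and the sample INFO text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Redis server's reported
# version against the fixed release named above, 6.2.7.
FIXED_VERSION="6.2.7"

# version_ge A B: succeed when dotted numeric version A is >= B.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Read INFO output on stdin (lines end in CRLF) and print redis_version.
extract_redis_version() {
    tr -d '\r' | awk -F: '$1 == "redis_version" && !seen { print $2; seen = 1 }'
}

# classify_redis INFO_TEXT: print fixed, needs-update, or unknown.
# Only the 6.2 branch is judged, because 6.2.7 is the only fixed version
# this advisory names.
classify_redis() {
    ver=$(printf '%s\n' "$1" | extract_redis_version)
    case $ver in
        6.2.*) ;;
        *) echo "unknown"; return 0 ;;
    esac
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "needs-update"
    fi
}

# Constructed sample INFO output, standing in for: redis-cli INFO server
SAMPLE_INFO_OLD=$(printf '# Server\r\nredis_version:6.2.6\r\nredis_mode:standalone\r\n')
SAMPLE_INFO_FIXED=$(printf '# Server\r\nredis_version:6.2.7\r\nredis_mode:standalone\r\n')

echo "6.2.6 sample: $(classify_redis "$SAMPLE_INFO_OLD")"
echo "6.2.7 sample: $(classify_redis "$SAMPLE_INFO_FIXED")"
```

On a live host, pass the real output instead of the samples: `classify_redis "$(redis-cli INFO server)"`.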

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- [email protected]