Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 38: Critical Redis Remote Code Execution Due to Heap Overflow

fedora
Calendar Grey January 18, 2024
Dist Fedora Esm H88
The latest Redis release, version 7.0.15, introduces crucial security updates addressing heap overflow vulnerabilities and potential risks of unauthorized remote code execution.
**Redis 7.0.15** Released Tue 09 Jan 2024 10:45:52 IST Upgrade urgency SECURITY: See security fixes below

Summary

Redis is an advanced key-value store. It is often referred to as a data

structure server since keys can contain strings, hashes, lists, sets and

sorted sets.

You can run atomic operations on these types, like appending to a string;

incrementing the value in a hash; pushing to a list; computing set

intersection, union and difference; or getting the member with highest

ranking in a sorted set.

In order to achieve its outstanding performance, Redis works with an

in-memory dataset. Depending on your use case, you can persist it either

by dumping the dataset to disk every once in a while, or by appending

each command to a log.

Redis also supports trivial-to-setup master-slave replication, with very

fast non-blocking first synchronization, auto-reconnection on net split

and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a

limited time-to-live, and configuration settings to make Redis behave like

a cache.

You can use Redis from most programming languages also.

Update Information:

**Redis 7.0.15** Released Tue 09 Jan 2024 10:45:52 IST Upgrade urgency SECURITY: See security fixes below. Security fixes * (**CVE-2023-41056**) In some cases, Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution.

Topics%20covered

Topics Covered

security advisory software update Fedora remote execution heap overflow Redis

Change Log

* Tue Jan 9 2024 Remi Collet - 7.0.15-1 - Upstream 7.0.15 release

References


[ 1 ] Bug #2257454 - CVE-2023-41056 redis: Heap Buffer Overflow may lead to potential remote code execution https://bugzilla.redhat.com/show_bug.cgi?id=2257454

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-694899d442' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: redis
Product: Fedora 38
Version: 7.0.15
Release: 1.fc38
URL: https://redis.io
Summary: A persistent key-value database

Topics%20covered

Topics Covered

security advisory software update Fedora remote execution heap overflow Redis

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here