Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Fedora 39: 2023-9b8de310b7 Low: MySQL Permission Elevation Issue

fedora
Calendar Grey September 15, 2023
Dist Fedora Esm H88
Install and upgrade Redis 7.2.1 on Fedora 39 immediately, as critical security vulnerabilities regarding access control have been resolved. Act swiftly!
**Redis 7.2.1** Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below

Summary

Redis is an advanced key-value store. It is often referred to as a data

structure server since keys can contain strings, hashes, lists, sets and

sorted sets.

You can run atomic operations on these types, like appending to a string;

incrementing the value in a hash; pushing to a list; computing set

intersection, union and difference; or getting the member with highest

ranking in a sorted set.

In order to achieve its outstanding performance, Redis works with an

in-memory dataset. Depending on your use case, you can persist it either

by dumping the dataset to disk every once in a while, or by appending

each command to a log.

Redis also supports trivial-to-setup master-slave replication, with very

fast non-blocking first synchronization, auto-reconnection on net split

and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a

limited time-to-live, and configuration settings to make Redis behave like

a cache.

You can use Redis from most programming languages also.

Update Information:

**Redis 7.2.1** Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes * (**CVE-2023-41053**) Redis does not correctly identify keys accessed by SORT_RO and, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. Bug Fixes * Fix crashes when joining a node to an existing 7.0 Redis Cluster (#12538) * Correct request_policy and response_policy command tips on for some admin / configuration commands (#12545, #12530)

Change Log

* Thu Sep 7 2023 Remi Collet - 7.2.1-1 - Upstream 7.2.1 release

References


[ 1 ] Bug #2237826 - CVE-2023-41053 redis: Redis SORT_RO may bypass ACL configuration https://bugzilla.redhat.com/show_bug.cgi?id=2237826

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-5a7cc198c2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
low
Lowest
Low
Medium
High
Critical

Name: redis
Product: Fedora 39
Version: 7.2.1
Release: 1.fc39
Summary: A persistent key-value database

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here