Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia: MGASA-2021-0373 Critical: Redis Integer Overflow Issues

mageia
Calendar Grey July 25, 2021
Dist Mageia Esm H88
Mageia's MGASA-2021-0374 tackles several Postgres vulnerabilities by implementing urgent patches for dangerous buffer overflows.
An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution (CVE-...

Summary

An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution (CVE-2021-29477).
An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution (CVE-2021-29478).
A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15 and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution (CVE-2021-32761).

References

- https://bugs.mageia.org/show_bug.cgi?id=29036

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/

- https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html

- https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj

- https://www.cve.org/CVERecord?id=CVE-2021-29477

- https://www.cve.org/CVERecord?id=CVE-2021-29478

- https://www.cve.org/CVERecord?id=CVE-2021-32761

Topics%20covered

Topics Covered

security advisory critical heap corruption remote code execution integer overflow redis Mageia

Resolution

SRPMS

- 8/core/redis-6.0.15-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 25 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0373.html
Type: security
CVE: CVE-2021-29477, CVE-2021-29478, CVE-2021-32761

Topics%20covered

Topics Covered

security advisory critical heap corruption remote code execution integer overflow redis Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here