MGASA-2023-0156 - Updated redis packages fix security vulnerability Publication date: 24 Apr 2023 URL: https://advisories.mageia.org/MGASA-2023-0156.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-28856 Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access. (CVE-2023-28856) References: - https://bugs.mageia.org/show_bug.cgi?id=31809 - https://github.com/redis/redis/releases/tag/6.0.19 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28856 SRPMS: - 8/core/redis-6.0.19-1.mga8
Mageia 2023-0156: redis security update
Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access
Summary
Authenticated users can use the HINCRBYFLOAT command to create an invalid
hash field that will crash Redis on access. (CVE-2023-28856)
References
- https://bugs.mageia.org/show_bug.cgi?id=31809
- https://github.com/redis/redis/releases/tag/6.0.19
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28856
Resolution
MGASA-2023-0156 - Updated redis packages fix security vulnerability
SRPMS
- 8/core/redis-6.0.19-1.mga8
Severity
Publication date: 24 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0156.html
Type: security
CVE: CVE-2023-28856
News
HOWTOs
About Us
Powered By
