openSUSE: 2021:3772-1 important: redis
Description
This update for redis fixes the following issues: - CVE-2021-32627: Fixed integer to heap buffer overflows with streams (bsc#1191305). - CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types (bsc#1191305). - CVE-2021-32687: Fixed integer to heap buffer overflow with intsets (bsc#1191302). - CVE-2021-32762: Fixed integer to heap buffer overflow issue in redis-cli and redis-sentinel (bsc#1191300). - CVE-2021-32626: Fixed heap buffer overflow caused by specially crafted Lua scripts (bsc#1191306). - CVE-2021-32672: Fixed random heap reading issue with Lua Debugger (bsc#1191304). - CVE-2021-32675: Fixed Denial Of Service when processing RESP request payloads with a large number of elements on many connections (bsc#1191303). - CVE-2021-41099: Fixed integer to heap buffer overflow handling certain string commands and network payloads (bsc#1191299).
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-3772=1
Package List
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): redis-6.0.14-6.8.1 redis-debuginfo-6.0.14-6.8.1 redis-debugsource-6.0.14-6.8.1
References
https://www.suse.com/security/cve/CVE-2021-32626.html https://www.suse.com/security/cve/CVE-2021-32627.html https://www.suse.com/security/cve/CVE-2021-32628.html https://www.suse.com/security/cve/CVE-2021-32672.html https://www.suse.com/security/cve/CVE-2021-32675.html https://www.suse.com/security/cve/CVE-2021-32687.html https://www.suse.com/security/cve/CVE-2021-32762.html https://www.suse.com/security/cve/CVE-2021-41099.html https://bugzilla.suse.com/1191299 https://bugzilla.suse.com/1191300 https://bugzilla.suse.com/1191302 https://bugzilla.suse.com/1191303 https://bugzilla.suse.com/1191304 https://bugzilla.suse.com/1191305 https://bugzilla.suse.com/1191306