
openSUSE Leap 15.5: 2023:2925-1 Important Redis7 Security Update

Distribution: openSUSE
Published: July 20, 2023

This release fixes the redis7 vulnerabilities listed below, including a heap overflow in the cjson and cmsgpack libraries (CVE-2022-24834, bsc#1213193).

Description

This update for redis7 fixes the following issues:

* CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193).
* CVE-2023-28856: Fixed HINCRBYFLOAT invalid key crash (bsc#1210548).
* CVE-2022-36021: Fixed integer overflow via specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD (bsc#1208790).
* CVE-2023-25155: Fixed integer overflow in RAND commands (bsc#1208793).
* CVE-2023-28425: Fixed denial-of-service via specially crafted MSETNX command (bsc#1209528).
* CVE-2023-36824: Fixed heap overflow in COMMAND GETKEYS and ACL evaluation (bsc#1213249).

## Patch Instructions:

To install this SUSE Important update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5

zypper in -t patch SUSE-2023-2925=1 openSUSE-SLE-15.5-2023-2925=1

* Server Applications Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2925=1

Package List

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)

* redis7-7.0.8-150500.3.3.1

* redis7-debuginfo-7.0.8-150500.3.3.1

* redis7-debugsource-7.0.8-150500.3.3.1

* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)

* redis7-7.0.8-150500.3.3.1

* redis7-debuginfo-7.0.8-150500.3.3.1

* redis7-debugsource-7.0.8-150500.3.3.1
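After applying the patch, the useful check is whether the installed redis7 package is at or above the fixed build 7.0.8-150500.3.3.1 from the package list above. A caveat: SUSE backports fixes, so `redis-cli INFO server` reports redis_version 7.0.8 both before and after this update; only the RPM version-release string distinguishes the two. The following shell script is an added example, not part of the SUSE advisory, and its `version_ge` and `needs_update` functions and the sample version strings are constructed for illustration (the segment-wise comparison is a simplified stand-in for rpm's own algorithm, sufficient for these builds):

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): decide whether an installed
# redis7 package is older than the fixed build from the advisory's package list.

FIXED_REDIS7="7.0.8-150500.3.3.1"   # fixed build from the package list above

# version_ge A B: exit 0 if version-release string A is >= B.
# Splits both strings on '.' and '-' and compares segment by segment,
# numerically for all-digit segments and as plain strings otherwise.
# Simplified stand-in for rpm's comparison; adequate for the builds here.
version_ge() {
    a_segs=$(printf '%s' "$1" | tr '.-' '  ')
    b_segs=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a_segs                 # positional parameters = segments of A
    for sb in $b_segs; do
        sa=${1:-0}                 # a missing trailing segment counts as 0
        [ $# -gt 0 ] && shift
        case "$sa$sb" in
            *[!0-9]*)              # at least one non-numeric segment
                if expr "$sa" \> "$sb" >/dev/null; then return 0; fi
                if expr "$sa" \< "$sb" >/dev/null; then return 1; fi ;;
            *)
                if [ "$sa" -gt "$sb" ]; then return 0; fi
                if [ "$sa" -lt "$sb" ]; then return 1; fi ;;
        esac
    done
    return 0                       # every compared segment was equal
}

# needs_update VERSION-RELEASE: prints "yes" if that build is older than the
# fixed one, "no" otherwise. The argument is what
# `rpm -q --qf '%{VERSION}-%{RELEASE}' redis7` prints on a SUSE host.
needs_update() {
    if version_ge "$1" "$FIXED_REDIS7"; then echo no; else echo yes; fi
}

# Constructed sample values, not taken from any real host:
for v in 7.0.8-150500.3.2.1 7.0.8-150500.3.3.1; do
    echo "redis7 $v: update needed = $(needs_update "$v")"
done

# On a SUSE host, check the build that is actually installed (skipped elsewhere):
if command -v rpm >/dev/null 2>&1 && rpm -q redis7 >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' redis7)
    echo "installed redis7 $installed: update needed = $(needs_update "$installed")"
fi
```

Run it as-is for the constructed samples, or on a patched host to confirm the installed build reports "update needed = no"; a "yes" after `zypper patch` usually means the redis7 package came from a repository that does not carry this update.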

References (SUSE Bugzilla)

* bsc#1208790
* bsc#1208793
* bsc#1209528
* bsc#1210548
* bsc#1213193
* bsc#1213249

## References:

* https://www.suse.com/security/cve/CVE-2022-24834.html

* https://www.suse.com/security/cve/CVE-2022-36021.html

* https://www.suse.com/security/cve/CVE-2023-25155.html

* https://www.suse.com/security/cve/CVE-2023-28425.html

* https://www.suse.com/security/cve/CVE-2023-28856.html

* https://www.suse.com/security/cve/CVE-2023-36824.html

* https://bugzilla.suse.com/show_bug.cgi?id=1208790

* https://bugzilla.suse.com/show_bug.cgi?id=1208793

* https://bugzilla.suse.com/show_bug.cgi?id=1209528

* https://bugzilla.suse.com/show_bug.cgi?id=1210548

* https://bugzilla.suse.com/show_bug.cgi?id=1213193

* https://bugzilla.suse.com/show_bug.cgi?id=1213249

Severity: important

Announcement ID: SUSE-SU-2023:2925-1
Rating: important
