openSUSE: 2023:2925-1: important: redis7 Security Advisory Update
Description
This update for redis7 fixes the following issues: * CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193). * CVE-2023-28856: Fixed HINCRBYFLOAT invalid key crash (bsc#1210548). * CVE-2022-36021: Fixed integer overflow via Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD (bsc#1208790). * CVE-2023-25155: Fixed Integer Overflow in RAND commands (bsc#1208793). * CVE-2023-28425: Fixed denial-of-service via Specially crafted MSETNX command (bsc#1209528). * CVE-2023-36824: Fixed heap overflow in COMMAND GETKEYS and ACL evaluation (bsc#1213249).
Patch
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2925=1 openSUSE-SLE-15.5-2023-2925=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2925=1
Package List
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * redis7-7.0.8-150500.3.3.1 * redis7-debuginfo-7.0.8-150500.3.3.1 * redis7-debugsource-7.0.8-150500.3.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * redis7-7.0.8-150500.3.3.1 * redis7-debuginfo-7.0.8-150500.3.3.1 * redis7-debugsource-7.0.8-150500.3.3.1
References
* #1208790 * #1208793 * #1209528 * #1210548 * #1213193 * #1213249 ## References: * https://www.suse.com/security/cve/CVE-2022-24834.html * https://www.suse.com/security/cve/CVE-2022-36021.html * https://www.suse.com/security/cve/CVE-2023-25155.html * https://www.suse.com/security/cve/CVE-2023-28425.html * https://www.suse.com/security/cve/CVE-2023-28856.html * https://www.suse.com/security/cve/CVE-2023-36824.html * https://bugzilla.suse.com/show_bug.cgi?id=1208790 * https://bugzilla.suse.com/show_bug.cgi?id=1208793 * https://bugzilla.suse.com/show_bug.cgi?id=1209528 * https://bugzilla.suse.com/show_bug.cgi?id=1210548 * https://bugzilla.suse.com/show_bug.cgi?id=1213193 * https://bugzilla.suse.com/show_bug.cgi?id=1213249