RedHat: RHSA-2019-0094:01 Moderate: redis security update

    Date: 16 Jan 2019
    Category: Red Hat
    Posted By: Anthony Pell
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: redis security update
    Advisory ID:       RHSA-2019:0094-01
    Product:           Red Hat Enterprise Linux OpenStack Platform
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0094
    Issue date:        2019-01-16
    CVE Names:         CVE-2018-11218 CVE-2018-11219 CVE-2018-12326 
    =====================================================================
    
    1. Summary:
    
    An update for redis is now available for Red Hat OpenStack Platform 13.0
    (Queens).
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenStack Platform 13.0 - ppc64le, x86_64
    
    3. Description:
    
    Redis is an advanced key-value store. It is often referred to as a
    data-structure server since keys can contain strings, hashes, lists, sets,
    and sorted sets. For performance, Redis works with an in-memory data set.
    You can persist it either by dumping the data set to disk every once in a
    while, or by appending each command to a log.
    
    Security Fix(es):
    
    * redis: Heap corruption in lua_cmsgpack.c (CVE-2018-11218)
    
    * redis: Integer overflow in lua_struct.c:b_unpack() (CVE-2018-11219)
    
    * redis: code execution via a crafted command line (CVE-2018-12326)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, and other related information, refer to the CVE page(s) listed in
    the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1590062 - CVE-2018-11219 redis: Integer overflow in lua_struct.c:b_unpack()
    1590067 - CVE-2018-11218 redis: Heap corruption in lua_cmsgpack.c
    1594291 - CVE-2018-12326 redis: code execution via a crafted command line
    
    6. Package List:
    
    Red Hat OpenStack Platform 13.0:
    
    Source:
    redis-3.2.8-3.el7ost.src.rpm
    
    ppc64le:
    redis-3.2.8-3.el7ost.ppc64le.rpm
    redis-debuginfo-3.2.8-3.el7ost.ppc64le.rpm
    
    x86_64:
    redis-3.2.8-3.el7ost.x86_64.rpm
    redis-debuginfo-3.2.8-3.el7ost.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-11218
    https://access.redhat.com/security/cve/CVE-2018-11219
    https://access.redhat.com/security/cve/CVE-2018-12326
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    