Fedora 22: redis Security Update

    Date17 Jul 2015
    CategoryFedora
    19
    Posted ByLinuxSecurity Advisories
    - Upstream 2.8.21 - Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331)
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2015-9498
    2015-06-05 16:29:11
    --------------------------------------------------------------------------------
    
    Name        : redis
    Product     : Fedora 22
    Version     : 2.8.21
    Release     : 1.fc22
    URL         : http://redis.io
    Summary     : A persistent key-value database
    Description :
    Redis is an advanced key-value store. It is often referred to as a data
    structure server since keys can contain strings, hashes, lists, sets and
    sorted sets.
    
    You can run atomic operations on these types, like appending to a string;
    incrementing the value in a hash; pushing to a list; computing set
    intersection, union and difference; or getting the member with highest
    ranking in a sorted set.
    
    In order to achieve its outstanding performance, Redis works with an
    in-memory dataset. Depending on your use case, you can persist it either
    by dumping the dataset to disk every once in a while, or by appending
    each command to a log.
    
    Redis also supports trivial-to-setup master-slave replication, with very
    fast non-blocking first synchronization, auto-reconnection on net split
    and so forth.
    
    Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
    limited time-to-live, and configuration settings to make Redis behave like
    a cache.
    
    You can use Redis from most programming languages also.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    - Upstream 2.8.21 
    - Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331)
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Thu Jun  4 2015 Haïkel Guémar  - 2.8.21-1
    - Upstream 2.8.21
    - Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331)
    * Thu Mar 26 2015 Haïkel Guémar  - 2.8.19-2
    - Fix redis-shutdown on multiple NIC setup (RHBZ #1201237)
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1228327 - CVE-2015-4335 redis: Lua sandbox escape and arbitrary code execution
            https://bugzilla.redhat.com/show_bug.cgi?id=1228327
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use
    su -c 'yum update redis' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://admin.fedoraproject.org/mailman/listinfo/package-announce
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    In your opinion, what is the biggest advantage associated with choosing open-source software/products?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote
    8
    radio
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.