SUSE-SU-2021:1652-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20211652-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1652-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2021:1652-1
Published
2021-05-19T12:30:32Z
Modified
2021-05-19T12:30:32Z
Summary
Security update for redis
Details

This update for redis fixes the following issues:

redis was updated to 6.0.13:

  • CVE-2021-29477: Integer overflow in STRALGO LCS command (bsc#1185729)
  • CVE-2021-29478: Integer overflow in COPY command for large intsets (bsc#1185730)
  • Cluster: Skip unnecessary check which may prevent failure detection
  • Fix performance regression in BRPOP on Redis 6.0
  • Fix edge-case when a module client is unblocked

redis 6.0.12:

  • Fix compilation error on non-glibc systems if jemalloc is not used

redis 6.0.11:

  • CVE-2021-21309: Avoid 32-bit overflows when proto-max-bulk-len is set high (bsc#1182657)
  • Fix handling of threaded IO and CLIENT PAUSE (failover), which could lead to data loss or a crash
  • Fix the selection of a random element from large hash tables
  • Fix broken protocol in client tracking tracking-redir-broken message
  • Fix XINFO being able to access expired keys on a replica
  • Fix broken protocol in redis-benchmark when used with -a or --dbnum
  • Avoid assertions (on older kernels) when testing arm64 CoW bug
  • CONFIG REWRITE should honor umask settings
  • Fix firstkey, lastkey, step in COMMAND command for some commands
  • RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys
  • Switch systemd type of the sentinel service from notify to simple. This can be reverted when updating to 6.2, which fixes https://github.com/redis/redis/issues/7284

Affected packages

SUSE:Linux Enterprise Module for Server Applications 15 SP2 / redis

Package

Name
redis
Purl
pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
6.0.13-1.10.1

Ecosystem specific

{
    "binaries": [
        {
            "redis": "6.0.13-1.10.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP3 / redis

Package

Name
redis
Purl
pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
6.0.13-1.10.1

Ecosystem specific

{
    "binaries": [
        {
            "redis": "6.0.13-1.10.1"
        }
    ]
}