Vulnerability Database
Blog
FAQ
Docs
SUSE-SU-2021:3772-1
See a problem?
Please try reporting it
to the source
first.
Source
https://www.suse.com/support/update/announcement/2021/suse-su-20213772-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:3772-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2021:3772-1
Related
CVE-2021-32626
CVE-2021-32627
CVE-2021-32628
CVE-2021-32672
CVE-2021-32675
CVE-2021-32687
CVE-2021-32762
CVE-2021-41099
Published
2021-11-23T14:48:08Z
Modified
2021-11-23T14:48:08Z
Summary
Security update for redis
Details
This update for redis fixes the following issues:
CVE-2021-32627: Fixed integer to heap buffer overflows with streams (bsc#1191305).
CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types (bsc#1191305).
CVE-2021-32687: Fixed integer to heap buffer overflow with intsets (bsc#1191302).
CVE-2021-32762: Fixed integer to heap buffer overflow issue in redis-cli and redis-sentinel (bsc#1191300).
CVE-2021-32626: Fixed heap buffer overflow caused by specially crafted Lua scripts (bsc#1191306).
CVE-2021-32672: Fixed random heap reading issue with Lua Debugger (bsc#1191304).
CVE-2021-32675: Fixed Denial Of Service when processing RESP request payloads with a large number of elements on many connections (bsc#1191303).
CVE-2021-41099: Fixed integer to heap buffer overflow handling certain string commands and network payloads (bsc#1191299).
References
https://www.suse.com/support/update/announcement/2021/suse-su-20213772-1/
https://bugzilla.suse.com/1191299
https://bugzilla.suse.com/1191300
https://bugzilla.suse.com/1191302
https://bugzilla.suse.com/1191303
https://bugzilla.suse.com/1191304
https://bugzilla.suse.com/1191305
https://bugzilla.suse.com/1191306
https://www.suse.com/security/cve/CVE-2021-32626
https://www.suse.com/security/cve/CVE-2021-32627
https://www.suse.com/security/cve/CVE-2021-32628
https://www.suse.com/security/cve/CVE-2021-32672
https://www.suse.com/security/cve/CVE-2021-32675
https://www.suse.com/security/cve/CVE-2021-32687
https://www.suse.com/security/cve/CVE-2021-32762
https://www.suse.com/security/cve/CVE-2021-41099
Affected packages
SUSE:Linux Enterprise Module for Server Applications 15 SP2
/
redis
Package
Name
redis
Purl
pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
6.0.14-6.8.1
Ecosystem specific
{ "binaries": [ { "redis": "6.0.14-6.8.1" } ] }
SUSE:Linux Enterprise Module for Server Applications 15 SP3
/
redis
Package
Name
redis
Purl
pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
6.0.14-6.8.1
Ecosystem specific
{ "binaries": [ { "redis": "6.0.14-6.8.1" } ] }
SUSE-SU-2021:3772-1 - OSV