openSUSE-SU-2017:2994-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:2994-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2017:2994-1
Published
2017-11-10T13:02:13Z
Modified
2017-11-10T13:02:13Z
Summary
Security update for redis
Details

This update for redis to version 4.0.2 fixes the following issues:

  • CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability (boo#1002351)

The following upstream changes are included:

  • SLOWLOG now logs the offending client name and address
  • The RDB format of the modules' native data types changed.
  • The AOF check utility is now able to deal with RDB preambles.
  • GEORADIUSRO and GEORADIUSBYMEMBERRO variants, not supporting the STORE option, were added in order to allow read-only scaling of such queries.
  • HSET is now variadic, and HMSET is considered deprecated
  • GEORADIUS huge radius (>= ~6000 km) corner cases fixed
  • HyperLogLog commands no longer crash on certain input (non HLL) strings.
  • Fixed SLAVEOF inside MULTI/EXEC blocks.
  • TCP binding bug fixed when only certain addresses were available for a given port
  • MIGRATE could crash the server after a socket error

Affected packages

SUSE:Package Hub 12 / redis

Package

Name
redis
Purl
pkg:rpm/suse/redis&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.0.2-9.1

Ecosystem specific

{
    "binaries": [
        {
            "redis": "4.0.2-9.1"
        }
    ]
}