openSUSE-SU-2021:3772-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:3772-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:3772-1
- Related
- Published
- 2021-11-23T14:48:09Z
- Modified
- 2021-11-23T14:48:09Z
- Summary
- Security update for redis
- Details
-
This update for redis fixes the following issues:
- CVE-2021-32627: Fixed integer to heap buffer overflows with streams (bsc#1191305).
- CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types (bsc#1191305).
- CVE-2021-32687: Fixed integer to heap buffer overflow with intsets (bsc#1191302).
- CVE-2021-32762: Fixed integer to heap buffer overflow issue in redis-cli and redis-sentinel (bsc#1191300).
- CVE-2021-32626: Fixed heap buffer overflow caused by specially crafted Lua scripts (bsc#1191306).
- CVE-2021-32672: Fixed random heap reading issue with Lua Debugger (bsc#1191304).
- CVE-2021-32675: Fixed Denial Of Service when processing RESP request payloads with a large number of elements on many connections (bsc#1191303).
- CVE-2021-41099: Fixed integer to heap buffer overflow handling certain string commands and network payloads (bsc#1191299).
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OTFIHYYQFTTATMKJQIWNX7F7WKXQXYDB/
- https://bugzilla.suse.com/1191299
- https://bugzilla.suse.com/1191300
- https://bugzilla.suse.com/1191302
- https://bugzilla.suse.com/1191303
- https://bugzilla.suse.com/1191304
- https://bugzilla.suse.com/1191305
- https://bugzilla.suse.com/1191306
- https://www.suse.com/security/cve/CVE-2021-32626
- https://www.suse.com/security/cve/CVE-2021-32627
- https://www.suse.com/security/cve/CVE-2021-32628
- https://www.suse.com/security/cve/CVE-2021-32672
- https://www.suse.com/security/cve/CVE-2021-32675
- https://www.suse.com/security/cve/CVE-2021-32687
- https://www.suse.com/security/cve/CVE-2021-32762
- https://www.suse.com/security/cve/CVE-2021-41099