Updated redis package fixes security vulnerability
Publication date: 19 Jun 2015Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-4335
Description
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code (CVE-2015-4335).
References
SRPMS
4/core
- redis-2.6.5-4.1.mga4