Advisories » MGASA-2023-0086

Updated redis packages fix security vulnerability

Publication date: 11 Mar 2023
Modification date: 11 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25155 , CVE-2022-36021

Description

Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can
trigger an integer overflow, resulting in a runtime assertion and
termination of the Redis server process. (CVE-2023-25155)

String matching commands (like SCAN or KEYS) with a specially crafted
pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time. (CVE-2022-36021)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31616
• https://github.com/redis/redis/releases/tag/6.0.18
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25155
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36021

SRPMS

8/core

• redis-6.0.18-1.mga8