Updated redis packages fix security vulnerability
Publication date: 11 Mar 2023Modification date: 11 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25155 , CVE-2022-36021
Description
Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. (CVE-2023-25155) String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. (CVE-2022-36021)
References
SRPMS
8/core
- redis-6.0.18-1.mga8