Vulnerability from csaf_opensuse
Published
2021-05-07 18:41
Modified
2021-05-07 18:41
Summary
Security update for redis

Notes

Title of the patch
Security update for redis
Description of the patch
This update for redis fixes the following issues: redis 6.0.13 * CVE-2021-29477: Integer overflow in STRALGO LCS command (boo#1185729) * CVE-2021-29478: Integer overflow in COPY command for large intsets (boo#1185730) * Cluster: Skip unnecessary check which may prevent failure detection * Fix performance regression in BRPOP on Redis 6.0 * Fix edge-case when a module client is unblocked redis 6.0.12: * Fix compilation error on non-glibc systems if jemalloc is not used redis 6.0.11: * CVE-2021-21309: Avoid 32-bit overflows when proto-max-bulk-len is set high (boo#1182657) * Fix handling of threaded IO and CLIENT PAUSE (failover), could lead to data loss or a crash * Fix the selection of a random element from large hash tables * Fix broken protocol in client tracking tracking-redir-broken message * XINFO able to access expired keys on a replica * Fix broken protocol in redis-benchmark when used with -a or --dbnum * Avoid assertions (on older kernels) when testing arm64 CoW bug * CONFIG REWRITE should honor umask settings * Fix firstkey,lastkey,step in COMMAND command for some commands * RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys redis 6.0.10: Command behavior changes: * SWAPDB invalidates WATCHed keys (#8239) * SORT command behaves differently when used on a writable replica (#8283) * EXISTS should not alter LRU (#8016) In Redis 5.0 and 6.0 it would have touched the LRU/LFU of the key. * OBJECT should not reveal logically expired keys (#8016) Will now behave the same TYPE or any other non-DEBUG command. * GEORADIUS[BYMEMBER] can fail with -OOM if Redis is over the memory limit (#8107) Other behavior changes: * Sentinel: Fix missing updates to the config file after SENTINEL SET command (#8229) * CONFIG REWRITE is atomic and safer, but requires write access to the config file's folder (#7824, #8051) This change was already present in 6.0.9, but was missing from the release notes. Bug fixes with compatibility implications (bugs introduced in Redis 6.0): * Fix RDB CRC64 checksum on big-endian systems (#8270) If you're using big-endian please consider the compatibility implications with RESTORE, replication and persistence. * Fix wrong order of key/value in Lua's map response (#8266) If your scripts use redis.setresp() or return a map (new in Redis 6.0), please consider the implications. Bug fixes: * Fix an issue where a forked process deletes the parent's pidfile (#8231) * Fix crashes when enabling io-threads-do-reads (#8230) * Fix a crash in redis-cli after executing cluster backup (#8267) * Handle output buffer limits for module blocked clients (#8141) Could result in a module sending reply to a blocked client to go beyond the limit. * Fix setproctitle related crashes. (#8150, #8088) Caused various crashes on startup, mainly on Apple M1 chips or under instrumentation. * Backup/restore cluster mode keys to slots map for repl-diskless-load=swapdb (#8108) In cluster mode with repl-diskless-load, when loading failed, slot map wouldn't have been restored. * Fix oom-score-adj-values range, and bug when used in config file (#8046) Enabling setting this in the config file in a line after enabling it, would have been buggy. * Reset average ttl when empty databases (#8106) Just causing misleading metric in INFO * Disable rehash when Redis has child process (#8007) This could have caused excessive CoW during BGSAVE, replication or AOFRW. * Further improved ACL algorithm for picking categories (#7966) Output of ACL GETUSER is now more similar to the one provided by ACL SETUSER. * Fix bug with module GIL being released prematurely (#8061) Could in theory (and rarely) cause multi-threaded modules to corrupt memory. * Reduce effect of client tracking causing feedback loop in key eviction (#8100) * Fix cluster access to unaligned memory (SIGBUS on old ARM) (#7958) * Fix saving of strings larger than 2GB into RDB files (#8306) Additional improvements: * Avoid wasteful transient memory allocation in certain cases (#8286, #5954) Platform / toolchain support related improvements: * Fix crash log registers output on ARM. (#8020) * Add a check for an ARM64 Linux kernel bug (#8224) Due to the potential severity of this issue, Redis will print log warning on startup. * Raspberry build fix. (#8095) New configuration options: * oom-score-adj-values config can now take absolute values (besides relative ones) (#8046) Module related fixes: * Moved RMAPI_FUNC_SUPPORTED so that it's usable (#8037) * Improve timer accuracy (#7987) * Allow '\0' inside of result of RM_CreateStringPrintf (#6260) redis 6.0.9: * potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc. Does not affect the openSUSE package - boo#1178205 * Memory reporting of clients argv * Add redis-cli control on raw format line delimiter * Add redis-cli support for rediss:// -u prefix * WATCH no longer ignores keys which have expired for MULTI/EXEC * Correct OBJECT ENCODING response for stream type * Allow blocked XREAD on a cluster replica * TLS: Do not require CA config if not used * multiple bug fixes * Additions to modules API redis 6.0.8 (jsc#PM-1615, jsc#PM-1622, jsc#PM-1681, jsc#ECO-2417, jsc#ECO-2867, jsc#PM-1547, jsc#CAPS-56, jsc#SLE-11578, jsc#SLE-12821): * bug fixes when using with Sentinel * bug fixes when using CONFIG REWRITE * Remove THP warning when set to madvise * Allow EXEC with read commands on readonly replica in cluster * Add masters/replicas options to redis-cli --cluster call command - includes changes from 6.0.7: * CONFIG SET could hung the client when arrives during RDB/ROF loading * LPOS command when RANK is greater than matches responded with broken protocol * Add oom-score-adj configuration option to control Linux OOM killer * Show IO threads statistics and status in INFO output * Add optional tls verification mode (see tls-auth-clients) redis 6.0.6: * Fix crash when enabling CLIENT TRACKING with prefix * EXEC always fails with EXECABORT and multi-state is cleared * RESTORE ABSTTL won't store expired keys into the db * redis-cli better handling of non-pritable key names * TLS: Ignore client cert when tls-auth-clients off * Tracking: fix invalidation message on flush * Notify systemd on Sentinel startup * Fix crash on a misuse of STRALGO * Few fixes in module API * Fix a few rare leaks (STRALGO error misuse, Sentinel) * Fix a possible invalid access in defrag of scripts * Add LPOS command to search in a list * Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode * redis-cli support TLS for --pipe, --rdb and --replica options * TLS: Session caching configuration support redis 6.0.5: * Fix handling of speical chars in ACL LOAD * Make Redis Cluster more robust about operation errors that may lead to two clusters to mix together * Revert the sendfile() implementation of RDB transfer * Fix TLS certificate loading for chained certificates * Fix AOF rewirting of KEEPTTL SET option * Fix MULTI/EXEC behavior during -BUSY script errors
Patchnames
openSUSE-2021-682
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).


To clipboard 

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for redis",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for redis fixes the following issues:\n\nredis 6.0.13\n\n* CVE-2021-29477: Integer overflow in STRALGO LCS command (boo#1185729)\n* CVE-2021-29478: Integer overflow in COPY command for large intsets (boo#1185730)\n* Cluster: Skip unnecessary check which may prevent failure detection\n* Fix performance regression in BRPOP on Redis 6.0\n* Fix edge-case when a module client is unblocked\n\nredis 6.0.12:\n\n* Fix compilation error on non-glibc systems if jemalloc is not used\n\nredis 6.0.11:\n\n* CVE-2021-21309: Avoid 32-bit overflows when proto-max-bulk-len\n  is set high (boo#1182657)\n* Fix handling of threaded IO and CLIENT PAUSE (failover), could\n  lead to data loss or a crash\n* Fix the selection of a random element from large hash tables\n* Fix broken protocol in client tracking tracking-redir-broken message\n* XINFO able to access expired keys on a replica\n* Fix broken protocol in redis-benchmark when used with -a or --dbnum \n* Avoid assertions (on older kernels) when testing arm64 CoW bug\n* CONFIG REWRITE should honor umask settings\n* Fix firstkey,lastkey,step in COMMAND command for some commands\n* RM_ZsetRem: Delete key if empty, the bug could leave empty\n  zset keys \n\nredis 6.0.10:\n\nCommand behavior changes:\n\n* SWAPDB invalidates WATCHed keys (#8239)\n* SORT command behaves differently when used on a writable replica (#8283)\n* EXISTS should not alter LRU (#8016)\n  In Redis 5.0 and 6.0 it would have touched the LRU/LFU of the key.\n* OBJECT should not reveal logically expired keys (#8016)\n  Will now behave the same TYPE or any other non-DEBUG command.\n* GEORADIUS[BYMEMBER] can fail with -OOM if Redis is over the memory limit (#8107)\n\nOther behavior changes:\n\n* Sentinel: Fix missing updates to the config file after SENTINEL SET command (#8229)\n* CONFIG REWRITE is atomic and safer, but requires write access to the config file's folder (#7824, #8051)\n  This change was already present in 6.0.9, but was missing from the release notes.\n\nBug fixes with compatibility implications (bugs introduced in Redis 6.0):\n\n* Fix RDB CRC64 checksum on big-endian systems (#8270)\n  If you're using big-endian please consider the compatibility implications with\n  RESTORE, replication and persistence.\n* Fix wrong order of key/value in Lua's map response (#8266)\n  If your scripts use redis.setresp() or return a map (new in Redis 6.0), please\n  consider the implications.\n\nBug fixes:\n\n* Fix an issue where a forked process deletes the parent's pidfile (#8231)\n* Fix crashes when enabling io-threads-do-reads (#8230)\n* Fix a crash in redis-cli after executing cluster backup (#8267)\n* Handle output buffer limits for module blocked clients (#8141)\n  Could result in a module sending reply to a blocked client to go beyond the limit.\n* Fix setproctitle related crashes. (#8150, #8088)\n  Caused various crashes on startup, mainly on Apple M1 chips or under instrumentation.\n* Backup/restore cluster mode keys to slots map for repl-diskless-load=swapdb (#8108)\n  In cluster mode with repl-diskless-load, when loading failed, slot map wouldn't\n  have been restored.\n* Fix oom-score-adj-values range, and bug when used in config file (#8046)\n  Enabling setting this in the config file in a line after enabling it, would\n  have been buggy.\n* Reset average ttl when empty databases (#8106)\n  Just causing misleading metric in INFO\n* Disable rehash when Redis has child process (#8007)\n  This could have caused excessive CoW during BGSAVE, replication or AOFRW.\n* Further improved ACL algorithm for picking categories (#7966)\n  Output of ACL GETUSER is now more similar to the one provided by ACL SETUSER.\n* Fix bug with module GIL being released prematurely (#8061)\n  Could in theory (and rarely) cause multi-threaded modules to corrupt memory.\n* Reduce effect of client tracking causing feedback loop in key eviction (#8100)\n* Fix cluster access to unaligned memory (SIGBUS on old ARM) (#7958)\n* Fix saving of strings larger than 2GB into RDB files (#8306)\n\nAdditional improvements:\n\n* Avoid wasteful transient memory allocation in certain cases (#8286, #5954)\n\nPlatform / toolchain support related improvements:\n\n* Fix crash log registers output on ARM. (#8020)\n* Add a check for an ARM64 Linux kernel bug (#8224)\n  Due to the potential severity of this issue, Redis will print log warning on startup.\n* Raspberry build fix. (#8095)\n\nNew configuration options:\n\n* oom-score-adj-values config can now take absolute values (besides relative ones) (#8046)\n\nModule related fixes:\n\n* Moved RMAPI_FUNC_SUPPORTED so that it's usable (#8037)\n* Improve timer accuracy (#7987)\n* Allow '\\0' inside of result of RM_CreateStringPrintf (#6260)\n\nredis 6.0.9:\n\n* potential heap overflow when using a heap allocator other\n  than jemalloc or glibc's malloc. Does not affect the openSUSE\n  package - boo#1178205 \n* Memory reporting of clients argv\n* Add redis-cli control on raw format line delimiter\n* Add redis-cli support for rediss:// -u prefix\n* WATCH no longer ignores keys which have expired for MULTI/EXEC\n* Correct OBJECT ENCODING response for stream type\n* Allow blocked XREAD on a cluster replica\n* TLS: Do not require CA config if not used\n* multiple bug fixes\n* Additions to modules API\n\nredis 6.0.8 (jsc#PM-1615, jsc#PM-1622, jsc#PM-1681, jsc#ECO-2417, jsc#ECO-2867, jsc#PM-1547, jsc#CAPS-56, jsc#SLE-11578, jsc#SLE-12821):\n\n* bug fixes when using with Sentinel\n* bug fixes when using CONFIG REWRITE\n* Remove THP warning when set to madvise\n* Allow EXEC with read commands on readonly replica in cluster\n* Add masters/replicas options to redis-cli --cluster call command\n- includes changes from 6.0.7:\n* CONFIG SET could hung the client when arrives during RDB/ROF\n  loading\n* LPOS command when RANK is greater than matches responded with\n  broken protocol\n* Add oom-score-adj configuration option to control Linux OOM\n  killer\n* Show IO threads statistics and status in INFO output\n* Add optional tls verification mode (see tls-auth-clients)\n\nredis 6.0.6:\n\n* Fix crash when enabling CLIENT TRACKING with prefix\n* EXEC always fails with EXECABORT and multi-state is cleared\n* RESTORE ABSTTL won't store expired keys into the db\n* redis-cli better handling of non-pritable key names\n* TLS: Ignore client cert when tls-auth-clients off\n* Tracking: fix invalidation message on flush\n* Notify systemd on Sentinel startup\n* Fix crash on a misuse of STRALGO\n* Few fixes in module API\n* Fix a few rare leaks (STRALGO error misuse, Sentinel)\n* Fix a possible invalid access in defrag of scripts\n* Add LPOS command to search in a list\n* Use user+pass for MIGRATE in redis-cli and redis-benchmark in\n  cluster mode\n* redis-cli support TLS for --pipe, --rdb and --replica options\n* TLS: Session caching configuration support\n\nredis 6.0.5:\n\n* Fix handling of speical chars in ACL LOAD\n* Make Redis Cluster more robust about operation errors that may\n  lead to two clusters to mix together\n* Revert the sendfile() implementation of RDB transfer\n* Fix TLS certificate loading for chained certificates\n* Fix AOF rewirting of KEEPTTL SET option\n* Fix MULTI/EXEC behavior during -BUSY script errors\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "openSUSE-2021-682",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0682-1.json",
         },
         {
            category: "self",
            summary: "URL for openSUSE-SU-2021:0682-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z32YY6DUIFNGIYRC6JPVBZ2WTPYN5SOY/",
         },
         {
            category: "self",
            summary: "E-Mail link for openSUSE-SU-2021:0682-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z32YY6DUIFNGIYRC6JPVBZ2WTPYN5SOY/",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178205",
            url: "https://bugzilla.suse.com/1178205",
         },
         {
            category: "self",
            summary: "SUSE Bug 1182657",
            url: "https://bugzilla.suse.com/1182657",
         },
         {
            category: "self",
            summary: "SUSE Bug 1185729",
            url: "https://bugzilla.suse.com/1185729",
         },
         {
            category: "self",
            summary: "SUSE Bug 1185730",
            url: "https://bugzilla.suse.com/1185730",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-21309 page",
            url: "https://www.suse.com/security/cve/CVE-2021-21309/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-29477 page",
            url: "https://www.suse.com/security/cve/CVE-2021-29477/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-29478 page",
            url: "https://www.suse.com/security/cve/CVE-2021-29478/",
         },
      ],
      title: "Security update for redis",
      tracking: {
         current_release_date: "2021-05-07T18:41:45Z",
         generator: {
            date: "2021-05-07T18:41:45Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "openSUSE-SU-2021:0682-1",
         initial_release_date: "2021-05-07T18:41:45Z",
         revision_history: [
            {
               date: "2021-05-07T18:41:45Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "redis-6.0.13-lp152.2.3.1.i586",
                        product: {
                           name: "redis-6.0.13-lp152.2.3.1.i586",
                           product_id: "redis-6.0.13-lp152.2.3.1.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "redis-6.0.13-lp152.2.3.1.x86_64",
                        product: {
                           name: "redis-6.0.13-lp152.2.3.1.x86_64",
                           product_id: "redis-6.0.13-lp152.2.3.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.2",
                        product: {
                           name: "openSUSE Leap 15.2",
                           product_id: "openSUSE Leap 15.2",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.2",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "redis-6.0.13-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
            },
            product_reference: "redis-6.0.13-lp152.2.3.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "redis-6.0.13-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
            },
            product_reference: "redis-6.0.13-lp152.2.3.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2021-21309",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-21309",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the \"CONFIG SET proto-max-bulk-len\" to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
               "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-21309",
               url: "https://www.suse.com/security/cve/CVE-2021-21309",
            },
            {
               category: "external",
               summary: "SUSE Bug 1182657 for CVE-2021-21309",
               url: "https://bugzilla.suse.com/1182657",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2021-05-07T18:41:45Z",
               details: "important",
            },
         ],
         title: "CVE-2021-21309",
      },
      {
         cve: "CVE-2021-29477",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-29477",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
               "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-29477",
               url: "https://www.suse.com/security/cve/CVE-2021-29477",
            },
            {
               category: "external",
               summary: "SUSE Bug 1185729 for CVE-2021-29477",
               url: "https://bugzilla.suse.com/1185729",
            },
            {
               category: "external",
               summary: "SUSE Bug 1186722 for CVE-2021-29477",
               url: "https://bugzilla.suse.com/1186722",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2021-05-07T18:41:45Z",
               details: "important",
            },
         ],
         title: "CVE-2021-29477",
      },
      {
         cve: "CVE-2021-29478",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-29478",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
               "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-29478",
               url: "https://www.suse.com/security/cve/CVE-2021-29478",
            },
            {
               category: "external",
               summary: "SUSE Bug 1185728 for CVE-2021-29478",
               url: "https://bugzilla.suse.com/1185728",
            },
            {
               category: "external",
               summary: "SUSE Bug 1185730 for CVE-2021-29478",
               url: "https://bugzilla.suse.com/1185730",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.i586",
                  "openSUSE Leap 15.2:redis-6.0.13-lp152.2.3.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2021-05-07T18:41:45Z",
               details: "important",
            },
         ],
         title: "CVE-2021-29478",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.