[ALSA-2021:3945] Important: redis:6 security update
Release date:
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Security Fix(es): * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 redis-devel-6.0.9-5.module_el8.4.0+2584+1bb0d2aa.aarch64.rpm 7516d84d36f4b8760216b01a8971ca88512fe7c897c45061665fa197f7982a6a
aarch64 redis-6.0.9-5.module_el8.4.0+2584+1bb0d2aa.aarch64.rpm d84c4a1b53a46f135ae5a5d9a3f08cb0475c3cf9833cefbd08c3d0126a29c34f
noarch redis-doc-6.0.9-5.module_el8.4.0+2584+1bb0d2aa.noarch.rpm f441db69f61afb941d9500c5d3e3dd3168e996d454c653c11038fcf92e04333d
ppc64le redis-6.0.9-5.module_el8.5.0+67+a3c431d9.ppc64le.rpm 0510ce5610f67e323bf1d0a1838d7e79e5e178060c5ef2bdf098db186da6de16
ppc64le redis-devel-6.0.9-5.module_el8.5.0+67+a3c431d9.ppc64le.rpm 64ca6f14611a52a4f022bfea39f6f953e45fe18bcb091f283b23324d8e3fa962
x86_64 redis-6.0.9-5.module_el8.4.0+2584+1bb0d2aa.x86_64.rpm 6ddb14ed99da80933665008be57b151ed938c78a5abba7d757aefff923d27226
x86_64 redis-devel-6.0.9-5.module_el8.4.0+2584+1bb0d2aa.x86_64.rpm d3ca202e231f4b9cbe67d0ca96ad8a62876b5a3d9ef94da8d3d4101fbc05f941
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.