[ALSA-2024:10869] Moderate: redis:7 security update
Type: security
Severity: moderate
Release date: 2024-12-09
Description:
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

* redis: Redis SORT_RO may bypass ACL configuration (CVE-2023-41053)
* redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)
* redis: Denial-of-service due to malformed ACL selectors in Redis (CVE-2024-31227)
* redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)
* redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 redis-devel-7.2.6-1.module_el9.5.0+130+36ae7635.aarch64.rpm 6778dbeca23026b39790c9587794ee1e1ade3d97d8bca1dbc836c36df9f8f1ee
aarch64 redis-7.2.6-1.module_el9.5.0+130+36ae7635.aarch64.rpm aae1bd9619606d1ba8b4ff3c0d98260030a777ff5879da9ab06bdc797f5a5b36
noarch redis-doc-7.2.6-1.module_el9.5.0+130+36ae7635.noarch.rpm 2c114e5e77004ee28712b857f95f1006f0b12a6df95654291887750a37cca3c5
ppc64le redis-devel-7.2.6-1.module_el9.5.0+130+36ae7635.ppc64le.rpm 0d17f256d9a4726551c85b0e501c40bb67d35c8b6dfb041fe9d21958a0a1c600
ppc64le redis-7.2.6-1.module_el9.5.0+130+36ae7635.ppc64le.rpm c40b8cec4da06c392269f974b83a2658aeeaeea02b968fa73359db6027cb2372
s390x redis-7.2.6-1.module_el9.5.0+130+36ae7635.s390x.rpm 4b2123b79f17caedd31178281228062dab839f4e7d205cb8aa104cadeaa5c3cb
s390x redis-devel-7.2.6-1.module_el9.5.0+130+36ae7635.s390x.rpm fdd14e4009c65ad2d0ca3726c57596aa0537ce9e815a70f6f0ddd1687dc1ddc3
x86_64 redis-devel-7.2.6-1.module_el9.5.0+130+36ae7635.x86_64.rpm 0edbcccb0a5c63f82e402899bee58876ae8b9e2c7836d6c8398171085b94a2f1
x86_64 redis-7.2.6-1.module_el9.5.0+130+36ae7635.x86_64.rpm bc739ec69ee86954f024ee5011ab9ac778b9a0f96f363ccbc38e9eae2bd459be
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.