ALSA-2024:10869

[ALSA-2024:10869] Moderate: redis:7 security update

Type:

security

Severity:

moderate

Release date:

2024-12-09

Description:

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.  

Security Fix(es):  

  * redis: Redis SORT_RO may bypass ACL configuration (CVE-2023-41053)
  * redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)
  * redis: Denial-of-service due to malformed ACL selectors in Redis (CVE-2024-31227)
  * redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)
  * redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	redis-devel-7.2.6-1.module_el9.5.0+130+36ae7635.aarch64.rpm	6778dbeca23026b39790c9587794ee1e1ade3d97d8bca1dbc836c36df9f8f1ee
aarch64	redis-7.2.6-1.module_el9.5.0+130+36ae7635.aarch64.rpm	aae1bd9619606d1ba8b4ff3c0d98260030a777ff5879da9ab06bdc797f5a5b36
noarch	redis-doc-7.2.6-1.module_el9.5.0+130+36ae7635.noarch.rpm	2c114e5e77004ee28712b857f95f1006f0b12a6df95654291887750a37cca3c5
ppc64le	redis-devel-7.2.6-1.module_el9.5.0+130+36ae7635.ppc64le.rpm	0d17f256d9a4726551c85b0e501c40bb67d35c8b6dfb041fe9d21958a0a1c600
ppc64le	redis-7.2.6-1.module_el9.5.0+130+36ae7635.ppc64le.rpm	c40b8cec4da06c392269f974b83a2658aeeaeea02b968fa73359db6027cb2372
s390x	redis-7.2.6-1.module_el9.5.0+130+36ae7635.s390x.rpm	4b2123b79f17caedd31178281228062dab839f4e7d205cb8aa104cadeaa5c3cb
s390x	redis-devel-7.2.6-1.module_el9.5.0+130+36ae7635.s390x.rpm	fdd14e4009c65ad2d0ca3726c57596aa0537ce9e815a70f6f0ddd1687dc1ddc3
x86_64	redis-devel-7.2.6-1.module_el9.5.0+130+36ae7635.x86_64.rpm	0edbcccb0a5c63f82e402899bee58876ae8b9e2c7836d6c8398171085b94a2f1
x86_64	redis-7.2.6-1.module_el9.5.0+130+36ae7635.x86_64.rpm	bc739ec69ee86954f024ee5011ab9ac778b9a0f96f363ccbc38e9eae2bd459be

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.