FEDORA-2021-76cf1653b3 created by remi 2 weeks ago for Fedora 33
stable

Redis 6.0.15 - Released Wed Jul 21 16:32:19 IDT 2021

Upgrade urgency: SECURITY, contains fixes to security issues that affect authenticated client connections on 32-bit versions. MODERATE otherwise.

Fix integer overflow in BITFIELD on 32-bit versions (CVE-2021-32761). An integer overflow bug in Redis version 2.2 or newer can be exploited using the BITFIELD command to corrupt the heap and potentially result in remote code execution.

Bug fixes that involve behavior changes:

  • Change reply type for ZPOPMAX/MIN with count in RESP3 to nested array (#8981). Was using a flat array like in RESP2 instead of a nested array like ZRANGE does.

Bug fixes:

  • Fail EXEC command in case a watched key is expired (#9194)
  • Fix SMOVE not to invalidate dest key (WATCH and tracking) when member already exists (#9244)
  • Fix SINTERSTORE not to delete dest key when getting a wrong type error (#9032)
  • Fix overflows on 32-bit versions in GETBIT, SETBIT, BITCOUNT, BITPOS, and BITFIELD (#9191)
  • Set TCP keepalive on inbound cluster bus connections (#9230)
  • Fix ziplist length updates on big-endian platforms (#2080)
  • Fix diskless replica loading to recover from RDB short read on module AUX data (#9199)
  • Fix race in client side tracking (#9116)
  • If diskless repl child is killed, make sure to reap the child pid (#7742)
  • Add a timeout mechanism for replicas stuck in fullsync (#8762)

CLI tools:

  • redis-cli cluster import support source and target that require auth (#7994)
  • redis-cli cluster import command may issue wrong MIGRATE command, sending COPY instead of REPLACE (#8945)
  • redis-cli support for RESP3 set type in CSV and RAW output (#7338)

How to install

sudo dnf upgrade --advisory=FEDORA-2021-76cf1653b3

This update has been submitted for testing by remi. (2 weeks ago)

This update's test gating status has been changed to 'ignored'. (2 weeks ago)

This update's test gating status has been changed to 'waiting'. (2 weeks ago)

This update's test gating status has been changed to 'ignored'. (2 weeks ago)

This update has been pushed to testing. (2 weeks ago)

remi edited this update. (2 weeks ago)

This update has been submitted for stable by bodhi. (5 days ago)

This update has been pushed to stable. (3 days ago)

Metadata
Type: security
Severity: low
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates
submitted: 2 weeks ago
in testing: 2 weeks ago
in stable: 3 days ago
modified: 2 weeks ago

BZ#1985476 CVE-2021-32761 redis: integer overflow issues with BITFIELD command on 32-bit systems
BZ#1985477 CVE-2021-32761 redis: integer overflow issues with BITFIELD command on 32-bit systems [fedora-all]