FEDORA-2021-916f861096 created by remi 3 months ago for Fedora 34
stable

Redis 6.2.4 - Released Tue June 1 12:00:00 IST 2021

Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. MODERATE otherwise.

Fix integer overflow in STRALGO LCS (CVE-2021-32625) An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477.

Bug fixes that are only applicable to previous releases of Redis 6.2:

  • Fix crash after a diskless replication fork child is terminated (#8991)
  • Fix redis-benchmark crash on unsupported configs (#8916)

Other bug fixes:

  • Fix crash in UNLINK on a stream key with deleted consumer groups (#8932)
  • SINTERSTORE: Add missing keyspace del event when none of the sources exist (#8949)
  • Sentinel: Fix CONFIG SET of empty string sentinel-user/sentinel-pass configs (#8958)
  • Enforce client output buffer soft limit when no traffic (#8833)

Improvements:

  • Hide AUTH passwords in MIGRATE command from slowlog (#8859)

How to install

sudo dnf upgrade --advisory=FEDORA-2021-916f861096

This update has been submitted for testing by remi.

3 months ago

This update's test gating status has been changed to 'ignored'.

3 months ago

This update's test gating status has been changed to 'waiting'.

3 months ago

This update's test gating status has been changed to 'ignored'.

3 months ago

This update has been pushed to testing.

3 months ago

This update has been submitted for stable by bodhi.

3 months ago

This update has been pushed to stable.

3 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
3 months ago
in testing
3 months ago
in stable
3 months ago

Automated Test Results