FEDORA-2023-5a7cc198c2 — security update for redis

stable

redis-7.2.1-1.fc39

FEDORA-2023-5a7cc198c2 created by remi a year ago for Fedora 39

Redis 7.2.1 Released Wed 06 Sep 2023 15:00:00 IDT

Upgrade urgency SECURITY: See security fixes below.

Security Fixes

(CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration.

Bug Fixes

Fix crashes when joining a node to an existing 7.0 Redis Cluster (#12538)
Correct request_policy and response_policy command tips on for some admin / configuration commands (#12545, #12530)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-5a7cc198c2

This update has been submitted for testing by remi.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

There is an ongoing freeze; this will be pushed to stable after the freeze is over.

a year ago

remi edited this update.

a year ago

This update has been pushed to stable.

a year ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

3 days

Dates

submitted

a year ago

in testing

a year ago

in stable

a year ago

modified

a year ago

approved

a year ago

Builds

redis-7.2.1-1.fc39

BZ#2237826 CVE-2023-41053 redis: Redis SORT_RO may bypass ACL configuration

BZ#2238560 CVE-2023-41053 redis: Redis SORT_RO may bypass ACL configuration [fedora-all]

redis-7.2.1-1.fc39

Automated Test Results

ignored